MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca805dc52512f1850422982cdd82ef272030398c365653dc52576e45cbb229a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca805dc52512f1850422982cdd82ef272030398c365653dc52576e45cbb229a4
SHA3-384 hash: ee13c35a264b06758c45f5331361753bf7051876eedfd2279338e977f8fb2437f4e0c75a6db8f4e0ea20f709e7b09556
SHA1 hash: 0f80cf50df1cdf4415d25934b875e2e5ff845500
MD5 hash: b45d4c98905f32a5490683938bac9f61
humanhash: monkey-angel-florida-ten
File name:New Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:28:54 UTC
Last seen:2020-05-28 09:27:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 84e9cbbd776d72320fedbcd5ed8eb75d (1 x GuLoader)
ssdeep 1536:41x+vIrFqh/oFpD3KfXceLBvC78Pu3DmSPYhpvWddzkjdv3ipSsoMQL:7vIrFqa3qcKw78mTHghVWcH
Threatray 131 similar samples on MalwareBazaar
TLSH AD144A7277AADC61D98615B0DCD2D9F92574BC10CD174E1B36C0BF3E32BA082AD62636
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: zimbra110-ind.megavelocity.net
Sending IP: 103.205.65.60
From: Mr. Yan <operation@spjcargo.com>
Reply-To: teomankadas@gmail.com
Subject: Invoice Order
Attachment: New Order.rar (contains "New Order.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1UozO7ygV5kSB6sqqijBq73Q4kK0nDZaN

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5815/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50216.3766.32366.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 03:57:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
25e1551ce3ed0f99ef77a16166273dacfbe6d0a37c9998a2f6c68639d21fc35e
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
e97244bc82d914b843dadf51702073bb1746d2e9d67f66e5c5aeef31f549a3c9
GuLoader
+ 121 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rbxhdqr7xa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f5b4b0be13093e821af841e8e29398b318fd8ecd3c290b45ed29f90049065ff9

GuLoader

Executable exe ca805dc52512f1850422982cdd82ef272030398c365653dc52576e45cbb229a4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370292/
  
Dropped by
MD5 19e8cd049bd286df3f1aca8556818832
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f5b4b0be13093e821af841e8e29398b318fd8ecd3c290b45ed29f90049065ff9
Cape
Cape
https://www.capesandbox.com/analysis/5815/

Comments