MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8
SHA3-384 hash: a58158b93ac5b36f238493c16d47e094f04cb79bbb7c6e09c9e0c73d7c683db91d96e1e07ba311909fdcf195435ab98f
SHA1 hash: 8d8a24bdb23854ca020cea86e6c75dc822729c14
MD5 hash: b0dddfecc539fff352942b36b9f4a29a
humanhash: undress-artist-ink-six
File name:PO. DIC-SAB-213-001-T-0023.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-21 08:16:13 UTC
Last seen:2020-05-21 08:53:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 55296fd5d744fc5bac1615e265983ec4 (1 x GuLoader)
ssdeep 768:s3/q8A6U81Bn7//qtvG9HezkA0JQgApdLqambREk15zh+FE:s3S8jhutIHeL0JCd+am9h15ke
Threatray 5'112 similar samples on MalwareBazaar
TLSH 49933A23AEBA6EF0F9B547B28C3295162427FE7004554B1B65CBB90D0B339CBED60716
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.moenepa.cf
Sending IP: 94.177.242.245
From: MAN Energy Solutions Korea Ltd <jkahn@cmcoeng.com>
Subject: Pricing Quotation Request_Brazil NW LNG Energy Plant Project
Attachment: PO. DIC-SAB-213-001-T-0023.exe

GuLoader payload URL:
https://www.jennydemalaga.es/vlad/bin_MxGuGYIDso13.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.30699.7828.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 04:30:50 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2fm7gytk35rcqkzai4fxfuwzgqenuhgdbpoe34rqgd7hpywjsl4a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
11124347d4a19a4f709bb4ebb2f9c12873f4f079ef3d5e60e18fa9a975302c70
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
f473972f1bc6adb86928a21d4a7af08550aec0ca5c17056a95e830142a2e8f11
GuLoader
+ 5'102 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j2lek2kkgs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe d159f3626adf62282b20470b72d2d93408da1cc30bdc4df23030fe77e2c992f8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365785/
  
Delivery method
Distributed via e-mail attachment

Comments