MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da40229062dc045460d3adcd70e42d15378ec4a83fd93738b30a59f5fab8da10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: da40229062dc045460d3adcd70e42d15378ec4a83fd93738b30a59f5fab8da10
SHA3-384 hash: 5672808282e8bc6f1a79cc0da0f09b2af39eb239bd58ab85a2978546e777f96bc144e9c309671607664c35d864312633
SHA1 hash: ab032905dc7a9ad478d82b0de2ef4da7d62e63ee
MD5 hash: 4da30e16daaea6ebfbe19da38ffd0f7d
humanhash: single-magazine-eighteen-nitrogen
File name: Order FCA-742013_pdf.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-05-13 16:55:13 UTC
Last seen: 2020-05-13 18:22:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3ec1f580b943cffb92e4376881aeec2c (1 x GuLoader)
ssdeep: 1536:CgXMax1OWKPgLmYPg0/zZJ7O7O8rOBWLEQDWuAE7:Tcax1OWKPgLmYPhJ7O70WLE+6E7
Threatray: 1'084 similar samples on MalwareBazaar
TLSH: F3049417F55DCB9EE6008AF2F57442F0156AAF27E811581BF9C2FE3C347021DA6912EA
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp93.ord1c.emailsrvr.com
Sending IP: 108.166.43.93
From: Jane Hostetter <barry@ciroofing.com>
Reply-To: sales@steppersexpress.shop
Subject: Re: Order Receipt FCA-742013
Attachment: Order FCA-742013_pdf.img (contains "Order FCA-742013_pdf.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 17:36:39 UTC
File Type: PE (Exe)
Extracted files: 16
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam
Signature: GuLoader
File: Executable exe da40229062dc045460d3adcd70e42d15378ec4a83fd93738b30a59f5fab8da10 (this sample)

Delivery method: Distributed via e-mail attachment

Comments