MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
SHA3-384 hash: 35e3ca92a509e6f06275195a01561ed02e0240cd5c0bfe6007b49fd027c8aa0ec91d97ae7b431962c855e53eb7878ecc
SHA1 hash: 4635676c7d49c8d511a9d128deb1ad7abc61e7f4
MD5 hash: c4a7c264a7f9547e52fb052dedabc61e
humanhash: oscar-jupiter-harry-pip
File name: New Order.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-06-04 05:58:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a5107dfa0c95bb26b2d56daec8ca8079 (1 x GuLoader)
ssdeep: 1536:7SPfxV40qE1arhb53tWkgrKHxLdGKc+o0FDHdZ1gIdMuDUEI0Y2sYKlO6t:+PXqE1G3t4KVdhjFD9zKEGF86t
Threatray: 5'123 similar samples on MalwareBazaar
TLSH: 1CB38D13ED4D8953D1484BBC3E178E793A1CB90C49015FDF713A6E9BAD326826C9B21E
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: yisun.co
Sending IP: 111.90.159.196
From: hamza <hamza@alqariab.de>
Subject: AF_New Order_
Attachment: New Order.zip (contains "New Order.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=10MrOGJzV6Z91JricRiimry_qY2xyDnKP

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-04 03:18:05 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d (this sample)

  
Delivery method: Distributed via e-mail attachment
