MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10b16b423a1d81f655f5f213d5f5481ee7e64a187297a19f93b8c3f2f4f4b38b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	10b16b423a1d81f655f5f213d5f5481ee7e64a187297a19f93b8c3f2f4f4b38b
SHA3-384 hash:	8e10cead39847c0f76dc1b2ed0ab43385c54e60bed4b47c65d653a1e650bc97d69f7853179f4fdfed2af604a293ecd38
SHA1 hash:	5b7dd292577fd3ad6bd8b00823863cb9a354fe3d
MD5 hash:	2e431b91e639f5e5d9af8d749e1d8c80
humanhash:	table-earth-mexico-carpet
File name:	Order CNS-72391_pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	221'184 bytes
First seen:	2020-05-12 16:30:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d568646b6121c142521a80e9861c17af (1 x GuLoader)
ssdeep	3072:fxlODDvnA5gDnZ+G4oxCDZhnybp0VY/R0BetH0FnCbos34Jjs7KtY6LeWV4lPy5c:fx8DvZswr
Threatray	258 similar samples on MalwareBazaar
TLSH	D924734BB11CE74DC20445B1F7B916FA45A89F3BE8508427F6C0FEAE76B560CA5212E3
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing unidentified malware:

HELO: smtp106.iad3b.emailsrvr.com
Sending IP: 146.20.161.106
From: Kathy Fedde <barry@ciroofing.com>
Reply-To: sales@steppersexpress.shop
Subject: Re: Order Receipt CNS-72391
Attachment: Order CNS-72391_pdf.img (contains "Order CNS-72391_pdf.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-12 16:36:44 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ccywwqr2dwa7mvpv6ij5l5kid3t6msqyokl2dh4txdb7f5huwofq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-6dakzlmr5e/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

dc2f3ddbd54640886912424a19edd9e4

GuLoader

exe 10b16b423a1d81f655f5f213d5f5481ee7e64a187297a19f93b8c3f2f4f4b38b

(this sample)

Dropped by

MD5 dc2f3ddbd54640886912424a19edd9e4

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample