MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c
SHA3-384 hash: 8b91603f75bf9b41a78cc0856c6cbfcfa751494b6c3beb7764b2948aee93e7614c201fe3f574132f7b4d574fa9ba2c20
SHA1 hash: d75d8510504ebb6fdea044b1c2b10736480ea708
MD5 hash: fb84a96677328c2b3a34905e6203d1d0
humanhash: arizona-echo-pip-arizona
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:15:50 UTC
Last seen:2020-05-27 17:50:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 50e212ed1a0b368a811906d206093fe1 (1 x GuLoader)
ssdeep 768:o7ZHucDgll6sMMwHDC142ndoVkGuGvKFdE1h7jZQTm8UmgZUJZLRJrPrAAh:oZHuDXndoVkcKFWz7Gm1Cd
Threatray 191 similar samples on MalwareBazaar
TLSH CAB3C613B9C05DB2D9B88FF11D22DD961D3AAD2278014F0B7645FB8E28361DE64E079B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Batgerel Odsuren <odsuren.batgerel.me2@eng.nssmc.com>
Reply-To: odsuren.batgerel.me2@eng.nssmc.com
Subject: Request for Quotation of Screw Decanter Centrifuge_CE1 Project/AA167194000000 (Muhan Technical)
Attachment: FOQ20-0514-0064_PT. UNGGUL PRAKARSA PRISMA.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5745/
Detection(s):
SecuriteInfo.com.Variant.Jaik.40167.22156.7694.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 03:40:16 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
20be0c183bcbe3cf8b803b2afa2a87fddd7ec2adc68666fa29eb15c77292a0b9
GuLoader
3f0127ee22232724e7bedc05751de652d3e13a9f017ef69e2097f49fcc17b4c2
GuLoader
3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546
GuLoader
4876d264ad500b3dc254dec660891144c3118a6cc9a229c60d39ff20b584ec0a
GuLoader
7bf07cca387afc2d6efa371499a79223af509a0af21a1953d3e83fcf8c9554ba
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
GuLoader
85d879be258470ed22d55bb6fda8be5d0b7d480c23d95b252516e85ccad2fec4
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
GuLoader
+ 181 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rjt22gqtbs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f52a8031ff6e71f6898fd49e036005f23dabe711a077c4d7fdcba350b7c65301

GuLoader

Executable exe 1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368753/
  
Dropped by
MD5 978a9fbc48d49519719d6b301159e0db
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f52a8031ff6e71f6898fd49e036005f23dabe711a077c4d7fdcba350b7c65301
Cape
Cape
https://www.capesandbox.com/analysis/5745/

Comments