MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26c22b4054e91bf9d7b89ae538496d9b728486ae6b337ca31dd01f3200d7d7f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26c22b4054e91bf9d7b89ae538496d9b728486ae6b337ca31dd01f3200d7d7f8
SHA3-384 hash: e013372f8997f7ad396470a7c68b95dbe99946a036961edd3ae8cbf92c2052220d55f7984f3d941e4ce2df07753442b0
SHA1 hash: 04e65c1baf1504c1a40f8a499a3c7efe352a25f7
MD5 hash: 946da70a1f871463a031c3aaa29f09c3
humanhash: spaghetti-nebraska-happy-blue
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:28:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d5059c10bddded55264c32e40b5648c4 (1 x GuLoader)
ssdeep 768:1qfD+zyGtzH1wifFI45VXDXOKiGE2z4QJ32afuYdf19MnTJgCJPjJdawreAX:wD+mGVH13fb59OpGE2z4o3DF8n6CJG+
Threatray 196 similar samples on MalwareBazaar
TLSH 3BB3E923BAE09CB1D8608FB20D7186991D36FD6C6B200F1B7548BB5E3D361CF259076A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: fran.com
Sending IP: 83.166.245.173
From: RINNO\ <RINNO <andy8645@naver.com>
Reply-To: andy8645@naver.com
Subject: Request for Quotation - V-40795
Attachment: Drawing_RFQ_V40795.img (contains "order.exe")

GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5752/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 20:00:31 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
136951ab2919602366049b534cc5159e1d6da7bc46a9131ce292dcefaf05c449
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
90f3c7b548e9f8d7477d4d1a2b8ea2bc2fcf26d36c79706e869fb9ded4813dfe
GuLoader
9848da60b74c19523583a237900008a3fcb268a9a4000c352f944f7d9f0d78e3
GuLoader
a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353
GuLoader
e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35
GuLoader
f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
GuLoader
fbd622c8e7c139a30ded3fdcaabf419b449910a084f80e8dc643567c4fca7919
GuLoader
fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
GuLoader
+ 186 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n4c1vzxmb2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img b5e9d6f86e016ec136f226bc810963123ab424a428ba12d3cf4142bbebe9b547

GuLoader

Executable exe 26c22b4054e91bf9d7b89ae538496d9b728486ae6b337ca31dd01f3200d7d7f8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368753/
  
Dropped by
MD5 81ffbbaf0abf438ea867c220ffd1c19d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b5e9d6f86e016ec136f226bc810963123ab424a428ba12d3cf4142bbebe9b547
Cape
Cape
https://www.capesandbox.com/analysis/5752/

Comments