MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28e8757effdd7a8d51ecda429e1d68ca81626d31eee9921c1e1d3565a1e1fced. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28e8757effdd7a8d51ecda429e1d68ca81626d31eee9921c1e1d3565a1e1fced
SHA3-384 hash: 2e1d56ad7ad69c9b861b4333c68e8a3d1700f5fb20b809632d74e22ae920cbf759b54897be3d55b80de11f21dc4bdcdb
SHA1 hash: 7e38dc7c7f361f4fc000f7efe9e4e97c7c68197e
MD5 hash: 45a0c9340651340dcca287dd0221b7fb
humanhash: california-alpha-early-alanine
File name:Quote_New Order. pdf.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 08:58:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 81b88ab0d41b22390a27fa236902b80c (1 x GuLoader)
ssdeep 1536:K7Qk8cTdCyvvUgV422/ZFHAhk12BPAJjRr6kJ95I8mb7bg:zctvvUg0Fwv+5I78
Threatray 153 similar samples on MalwareBazaar
TLSH 13C31827B9D84D91E9180EB10CB759A72A27FE3135901B1B3646FB6C26335CB39F470A
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: epch.com
Sending IP: 209.58.149.73
From: Aal Mir Trading CO<intlfair@epch.com>
Reply-To: misjyoon@gmail.com
Subject: New Order
Attachment: Quote_New Order. pdf.zip (contains "Quote_New Order. pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=14YtMvC0u99DN7PSNmChSBncp_fsd0SOl

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5660/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 03:16:47 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
3752c65cb7b5a3eba879dd5cc2c6d24eeaf14ca1674d05b76b2ec3e7354ed5f6
GuLoader
4968b59a47ff7fb809e5637733c2f4e743ddaf5d2bbdd88af19e2499e4c42e3a
GuLoader
51a5b26ec3238ab826baf519565e861b67e7db782dd3ee5e2058fc4931a52c40
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
96e3dab826ca6a894973bdb308ce141be90e043efb7d3c707d8e09b35453e699
GuLoader
aa9d72c3f235f17048a1149b4f17df5a7ed4713097359ba5c4135fb0c922bdd2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
f10634d37d3220faafddb7f5078cac8f2b6ed2a472ad68ff4b66e73908eb0706
GuLoader
+ 143 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-gyv93tcs76/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip db291469b03ed4c6f4029307e6cd00ab7d3d30c3ea21347eab8691e2432a3a8d

GuLoader

Executable exe 28e8757effdd7a8d51ecda429e1d68ca81626d31eee9921c1e1d3565a1e1fced

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368734/
  
Dropped by
MD5 bcdc312cbeaedef8aab550ca27f6787a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 db291469b03ed4c6f4029307e6cd00ab7d3d30c3ea21347eab8691e2432a3a8d
Cape
Cape
https://www.capesandbox.com/analysis/5660/

Comments