MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c567d47335c4c7a99133643e137e824203b8958b44e1c8a0aaef7a6aed39cf1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	4c567d47335c4c7a99133643e137e824203b8958b44e1c8a0aaef7a6aed39cf1
SHA3-384 hash:	54c14135ec4e1931220463d62f546e040ac176ec4c15271119c89db48e16e54502ae602f9f0f9f155360cc39c66cac1e
SHA1 hash:	603b69688a41bb7e1491376b17a06455e975c8a5
MD5 hash:	63421cbd65318fd16cebe28f84332ff7
humanhash:	lima-uncle-oranges-uncle
File name:	New Order PO2833620 From Metric Group.PDF.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	126'976 bytes
First seen:	2020-05-08 12:53:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6ffdfdf7396e385215bf14094fb09557 (1 x GuLoader)
ssdeep	1536:ilmYE3192JRRL8kdIlTQK/7skuMEenRK6Yten/kO4X4ZKRnMkz:vDqtXKQO7skJ9RpnMOFKRf
Threatray	53 similar samples on MalwareBazaar
TLSH	F4C3618573C0F667D5E80EF2971A43D525F8AC39AD856B077BC8B11B6639E01EA20373
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: host.sarmcol.com
Sending IP: 199.217.117.157
From: order@metricgroup.co.za
Subject: New Order PO/28336/20 From Metric Group
Attachment: New Order PO2833620 From Metric Group.PDF.gz (contains "New Order PO2833620 From Metric Group.PDF.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.ProtectSharewar-2

PUA.Win.Packer.ProtectSharewar-3

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-08 13:13:50 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jrlh2rztlrghvgitgzb6cn7ieqqdxckywrhbzcqkv332nlwtttyq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-5cdfnpyql2/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

feb42e857f325d2f5efaef9bb65bd7b3

GuLoader

exe 4c567d47335c4c7a99133643e137e824203b8958b44e1c8a0aaef7a6aed39cf1

(this sample)

Dropped by

MD5 feb42e857f325d2f5efaef9bb65bd7b3

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample