MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
SHA3-384 hash: b0db33da575585a9c383992080b1fb46a377dfce6ce951ab99bc6d929e7ca35bb84167c0fb046d1e8a662e2447a18561
SHA1 hash: 5a92fc1d42b1d3088baad47bc7201491cc306788
MD5 hash: 2464811e6fa488ede771f272b6315e59
humanhash: beer-violet-blue-hawaii
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 10:48:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 870ee380df8ac3276ac8de5907dbcf00 (1 x GuLoader)
ssdeep 1536:IzqSPfxV40urLpJkgrKHxLdGKc+o0FDHdZ1gIBgYQM/beDawBbMaxUgaRt:APXWdZKVdhjFD9zkMZfoa
Threatray 5'153 similar samples on MalwareBazaar
TLSH 7AB36A03EC9C8663D1448BBD3D278DB93B1CB91908015BDF657AAD9FAD316422C9B21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Tomoko <info@semco-ltd.com>
Reply-To: info@semco-ltd.com
Subject: Re:Re: Request for Quotation_PR#PS-AVP2-406890
Attachment: Required Equipment Item Specification_8915963B.img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6519/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:40:24 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kh2oqyuf7dfyuffa2rll53m7cwec4twhqe54et7uyifchcorztia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'143 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6rcda99x4a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 784ecbb5c2a0878453ae9c24a32ab455a3c24ba535d84720fb7baf62ab362868

GuLoader

Executable exe 51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 db24366c2dd2f7c393acf812202ac67a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 784ecbb5c2a0878453ae9c24a32ab455a3c24ba535d84720fb7baf62ab362868
Cape
Cape
https://www.capesandbox.com/analysis/6519/

Comments