MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c28300cdf3427d16bba325ac19073a5ea652183b8ee79cdc979dbcd9727bb27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c28300cdf3427d16bba325ac19073a5ea652183b8ee79cdc979dbcd9727bb27
SHA3-384 hash: fbc3052197d516bc8b89f61635b98f2c52124286342fcc91fe4a29d8a2830696cd9a7acce31a18966c9add13ce64337f
SHA1 hash: 03cf58e8d592fb7d6cc3c07e9db098773b0d47ad
MD5 hash: daa01f5e9a9fb6cb70ad27548d6c4efd
humanhash: golf-emma-south-mike
File name:ORDER & INVOICE.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 08:26:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 38360fb1efbff1c1791f912e4f62c1c7 (1 x GuLoader)
ssdeep 768:O30XukeJBpKcUnL6VSMyGz887io1XnLkdnFlSTavfEy/ksnUzLLVzo1:O30+kCknL6VJPf1XwwTSksnoLK1
Threatray 750 similar samples on MalwareBazaar
TLSH 2D73191EFF5D8164F4054AB11955E066BB29BC3258065E0F73006EAAEC72A87FCF172B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Sales Engineer" <user@t-online.de>
Subject: Re:picture of goods we will like to order from you.
Attachment: ORDER INVOICE.rar (contains "ORDER & INVOICE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ruj4EfLfnmtjm6oXOGEowWHp-7QWPElt

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5518/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-05-31 20:57:38 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lqudadg7gqt5c252gjnmdedtuxvgkimdxdxhttojphn43fzhxmtq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
GuLoader
52d3a075274a8986c3e44c30ff9037abe45f150b241f6aa48d8a4efcb467cbba
GuLoader
729c73ab057bc16133a582db643fc4654c806e76fa70d98dd82923b4f198c285
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
7522e963fbeadde98b1486f0d8d2d1a15011812b06d06f1a5bc21caee6876e71
GuLoader
acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee
GuLoader
bdfc8efb0dd8f8530002fca468d1234513bf740a9515269621a83f9af1128550
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
f1f8f362f768269887febcea5bb11b4ece351b3c0b8be3682c6095fc9f3fcae4
GuLoader
faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
GuLoader
+ 740 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-efej94r9l6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar d82b898e223a9fee10367b2b329ff03e1bc2bc96acf15bf43038e59abf834cde

GuLoader

Executable exe 5c28300cdf3427d16bba325ac19073a5ea652183b8ee79cdc979dbcd9727bb27

(this sample)

  
Dropped by
MD5 aaa62c27edffcbeec92040dcc3bc29c9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d82b898e223a9fee10367b2b329ff03e1bc2bc96acf15bf43038e59abf834cde
Cape
Cape
https://www.capesandbox.com/analysis/5518/

Comments