MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7299eda04e6f4f186eb5ef32a0bb702fb0a342fcf022b4f83b07116e18c7ecf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7299eda04e6f4f186eb5ef32a0bb702fb0a342fcf022b4f83b07116e18c7ecf9
SHA3-384 hash: b29a334b2b97be7d6216e682ff928c8098b06e6c33ffed30852c9f1a13294b5ad519f5ae3d522a138fd5ae816743da3e
SHA1 hash: 1ad6fc8f2c7d526b0f9ded664001accda5c49473
MD5 hash: cf1bf3e763bab942a195887c2a155ceb
humanhash: spaghetti-fanta-diet-michigan
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:54'624 bytes
First seen:2020-05-21 08:50:19 UTC
Last seen:2020-05-21 09:51:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 27d618c2d2786c3b65b4887b97dbf868 (1 x GuLoader)
ssdeep 768:OKsEpVK0kMK2w9gjLqC8WtDsYXm6JltNiKMLL+7AtC4jUf2hU:hRLBwO3QGnF8KMLSAU4jUfr
Threatray 5'115 similar samples on MalwareBazaar
TLSH 42333A6595A0E133D9198AF03FB5C7AC166DBC351A51CC8BB8C47E4B9E76A03F12432B
Reporter abuse_ch
Tags:exe GuLoader

Code Signing Certificate

Organisation:Intacti
Issuer:Intacti
Algorithm:sha256WithRSAEncryption
Valid from:May 20 23:44:34 2020 GMT
Valid to:May 20 23:44:34 2021 GMT
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 51067BEE153F22DD15255BF47D757C370F7190342BC8AD9864018C11BB8E3012
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vm9win2.securesurfs.co
Sending IP: 162.213.42.222
From: Mr. Sajid Saad <support@goldfx.co>
Reply-To: support@goldfx.co
Subject: Re: Invoice/payment
Attachment: Invoicepayment.img (contains "order.exe")

GuLoader payload URL:
http://185.236.203.160/bin_infAhIbG124.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47980.4907.9589.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:36:30 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=okm63icon5hrq3vv54zkbo3qf6ykgqx46arlj6b3a4iw4ggh5t4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
081858e28f031a112eeb27a1bf1755a669f591b9e46b00f4effe3636ec90ae86
GuLoader
0e319c36c39c8504a0349445b2282bc450758b7e670a3477c0653b1daafffaff
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
bb8016149b1cfa77fa6614decb51d21b20385e2749f1b667ad0d51615c9baf05
GuLoader
bf2c56fa8b5e9c316ec1dd825a2f0275bc3a8356723d7cd0ff2a3ca5166e6e52
GuLoader
c1b2a36d08dfb9bc18d53112299e6cef0c5057885918a4485b8f1b87a20d709a
GuLoader
c228a5356a247fc6ed50ff785a9364a7a9656c8f30e09e82f6e3f498a7f43353
GuLoader
+ 5'105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7c9ge789m6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 7c42499db27d5fb219cfadecc2a325deabaa2ddc659f58225b7d15c35601b964

GuLoader

Executable exe 7299eda04e6f4f186eb5ef32a0bb702fb0a342fcf022b4f83b07116e18c7ecf9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365534/
  
Dropped by
MD5 ed1bc87250330bad5b4b0849e52e508a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7c42499db27d5fb219cfadecc2a325deabaa2ddc659f58225b7d15c35601b964

Comments