MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
SHA3-384 hash: 7e16be415cf19d5e992ce8d2feb736d6b94b6508abb8dd1d787fed67de6647a8816fd7ae7c86be029d2bb0b938dc6a29
SHA1 hash: 321b145d082c13bb6426cef3c0aa35af463f420d
MD5 hash: cec6b5bfaf84582c75bce0c83a3de2d3
humanhash: ink-nine-twenty-cat
File name:Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:33:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5ea5755caf00830da78b94bca4e40623 (1 x GuLoader)
ssdeep 1536:gA/5MrVchr8AZRBhP2e2968IUEUVctdDqAnB7CQPgiLqy9xdl39pER3ubIrl3jIA:HGrCRxFFR299ZEA+BpK3Tn
Threatray 188 similar samples on MalwareBazaar
TLSH 6E143B3AB266DCB1DA8449B0DCD4D5F018517C10E91B8E6B32D07F2F327A187DE66636
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 주식회사 아토즈서플라이서비스 <1231113kes@hanmail.net>
Subject: 견적 긴급 요청
Attachment: Rev-PO-068789MT100_65657_Sample-Order-.img (contains "Order.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YqSVfiPRiAtYRqCZxJmAuXrFwe15wmRt

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5831/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50242.9072.18749.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:48:10 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85
GuLoader
160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03
GuLoader
823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70
GuLoader
8f5fd43179a5ab283f7cab4fb285592a73348d2428a7034a1521fb12a1ead625
GuLoader
9611507e92379601368f95c9f9fbc933ba13114fee020ea12d19e6a43486bf6c
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
+ 178 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-clvhwr5eke/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 47a198a1aff99ac7951b680937cea913822d1aed72360568639f34f8efd133d5

GuLoader

Executable exe 742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370291/
  
Dropped by
MD5 712b4c8d5795f571f14d7705fcaf211b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 47a198a1aff99ac7951b680937cea913822d1aed72360568639f34f8efd133d5
Cape
Cape
https://www.capesandbox.com/analysis/5831/

Comments