MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a46dcdfbe1991b5e05e4681dc027f2a8fcfb62abab89421b7aefd7397dafdb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 7a46dcdfbe1991b5e05e4681dc027f2a8fcfb62abab89421b7aefd7397dafdb9
SHA3-384 hash: 2d874aad22ba25628fcffdfc95729bf2ee6836f66a9e90f59b07c5825d0379f721778bfd2d0959a0601f921cd6794092
SHA1 hash: 5cfebf72407e1fcadd1bd0caf252edc3fd857788
MD5 hash: 2858d6916a2472965117459ef499d87d
humanhash: romeo-west-johnny-north
File name: Order n °. 1702.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-26 08:59:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 424cbd1b930cd5424222711754581984 (1 x GuLoader)
ssdeep: 1536:HJ69i/hFhpDXSoqSFF5kfxr8K5X2n4S/flXq1kkAgK/R:HeifhpDXay8xrviFIs
Threatray: 87 similar samples on MalwareBazaar
TLSH: 98B3D51776D99CE5EDB40FF14AA69EB41C2AAD2408414F43381EFB1E16773D22BB8216
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: fruela.greencom.net
Sending IP: 212.89.6.11
From: Joanne Ong <sales@pcontrol.com.sg>
Reply-To: sales@pcontrol.com.sg
Subject: Order n °. 1702
Attachment: Order n °. 1702.rar (contains "Order n °. 1702.exe")

GuLoader payload URL:
http://45.143.222.30/gigggo_drBWaw213.bin
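Added example (editor-written, not MalwareBazaar's code and not part of the abuse_ch report): the indicators from the hash table and the malspam report above collected into one IOC set and checked against a raw RFC 822 message, a file's digests and a URL, using only the Python standard library. The IOC values are copied from this entry; SAMPLE_MAIL is a constructed message (the mx.example.net hosts, message IDs and the 8-byte RAR5 signature body are made up for the example, and the HELO name and sending IP are taken from the report above), not the original malspam.

```python
"""Editor-added example: check this entry's IOCs against mail, file and URL.
Not MalwareBazaar or abuse_ch code. IOC values are copied from the entry
above; SAMPLE_MAIL is a constructed message, not the original malspam."""
import hashlib
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators copied verbatim from the hash table and the abuse_ch comment.
IOCS = {
    "md5": "2858d6916a2472965117459ef499d87d",
    "sha1": "5cfebf72407e1fcadd1bd0caf252edc3fd857788",
    "sha256": "7a46dcdfbe1991b5e05e4681dc027f2a8fcfb62abab89421b7aefd7397dafdb9",
    "sha3_384": "2d874aad22ba25628fcffdfc95729bf2ee6836f66a9e90f59b07c5825d0379f7"
                "21778bfd2d0959a0601f921cd6794092",
    "helo": "fruela.greencom.net",
    "sending_ip": "212.89.6.11",
    "sender": "sales@pcontrol.com.sg",
    "subject": "Order n °. 1702",
    "attachment": "Order n °. 1702.rar",
    "payload_url": "http://45.143.222.30/gigggo_drBWaw213.bin",
}

# "from <helo> (<rdns> [<ip>])" as most MTAs write it into Received headers.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\([^\]]*?\[(?P<ip>[0-9.]+)\]")


def _decode(value):
    """Decode an RFC 2047 encoded header value (or None) to a plain string."""
    return str(make_header(decode_header(value or "")))


def match_email(raw):
    """Return the sorted IOC names that a raw RFC 822 message matches."""
    msg = message_from_string(raw)
    hits = set()
    # Every hop is checked; the spoofable From: is scored separately from
    # the HELO and IP that the receiving MTA recorded itself.
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(received)
        if m and m.group("helo").lower() == IOCS["helo"]:
            hits.add("helo")
        if m and m.group("ip") == IOCS["sending_ip"]:
            hits.add("sending_ip")
    for hdr in ("From", "Reply-To"):
        if parseaddr(_decode(msg.get(hdr)))[1].lower() == IOCS["sender"]:
            hits.add(hdr.lower())
    if _decode(msg.get("Subject")) == IOCS["subject"]:
        hits.add("subject")
    for part in msg.walk():  # get_filename() decodes RFC 2231 file names
        if part.get_filename() == IOCS["attachment"]:
            hits.add("attachment")
    return sorted(hits)


def compute_hashes(data):
    """The four digests MalwareBazaar lists, computed over a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


def match_hashes(hashes):
    """IOC hash names whose value equals the given digest (case-insensitive)."""
    return sorted(k for k in ("md5", "sha1", "sha256", "sha3_384")
                  if hashes.get(k, "").lower() == IOCS[k])


def match_url(url):
    """'payload_url' on an exact match, 'payload_host' if only the host matches."""
    want, got = urlsplit(IOCS["payload_url"]), urlsplit(url)
    if got.hostname != want.hostname:
        return None
    return "payload_url" if got.path == want.path else "payload_host"


# Constructed message: headers mimic the report above; the RAR body is only
# the 8-byte RAR5 signature, not the real attachment.
SAMPLE_MAIL = """\
Received: from mx.example.net (localhost [127.0.0.1])
\tby mailstore.example.net with LMTP id 42; Tue, 26 May 2020 08:52:10 +0000
Received: from fruela.greencom.net (unknown [212.89.6.11])
\tby mx.example.net (Postfix) with ESMTP id 5A1B2C3D;
\tTue, 26 May 2020 08:51:02 +0000
From: Joanne Ong <sales@pcontrol.com.sg>
Reply-To: sales@pcontrol.com.sg
To: purchasing@example.net
Subject: =?utf-8?q?Order_n_=C2=B0._1702?=
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-rar-compressed
Content-Disposition: attachment; filename*=utf-8''Order%20n%20%C2%B0.%201702.rar
Content-Transfer-Encoding: base64

UmFyIRoHAQA=
--b1--
"""
```

match_email(SAMPLE_MAIL) returns all six mail indicators; feed it the raw text of a quarantined message, pass a downloaded file's compute_hashes() result to match_hashes(), and run proxy-log URLs through match_url() (a host-only hit on 45.143.222.30 is still worth a look, since the payload path can change between campaigns).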

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 21:17:30 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe 7a46dcdfbe1991b5e05e4681dc027f2a8fcfb62abab89421b7aefd7397dafdb9 (this sample)

Delivery method: Distributed via e-mail attachment

Comments