MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8db7966129f24922ad358bf76ba731da7a65cdcfde7cfeee7844f01e83230662. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8db7966129f24922ad358bf76ba731da7a65cdcfde7cfeee7844f01e83230662
SHA3-384 hash: 48f4663cd3be043c58eefc087d37a9645c70eea28847f10b1604b11e7162015afae6c6318fac5eec3fb2d99424d9e5ac
SHA1 hash: 93549fbf3122098c36b86a46aecc8065a6c27f00
MD5 hash: 4b6121bd874c8655278ca588d03c6773
humanhash: louisiana-seventeen-pip-black
File name:ORDER_2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:19:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4bb40864a31b215b430750c60010708e (3 x GuLoader)
ssdeep 1536:bhFO8lLuVfUrWuBIjc08KLzwKQwyLe4jjKgK9cWS:k8WuA88zwPlOGW
Threatray 939 similar samples on MalwareBazaar
TLSH FC9317037AD49501F1B24A712EBBC6A96F25FC190D439A0F318D594B7B307669CAC72F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp69.iad3a.emailsrvr.com
Sending IP: 173.203.187.69
From: islam.onsy@asass.net
Subject: REQUIRED QUOTATION FOR LISTED ITEMS
Attachment: QUOTATION_2020.rar (contains "ORDER_2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1HjE7TxxeN1L4mF9gDJAo8XVSHfj5n9-j

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6095/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:32 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rw3zmyjj6jesfljvrp3wxjzr3j5gltop3z6p53tyityb5azdazra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0cf9ce17aeee086bf3085133f76a2ec2856900ac84a5dc017bbd0f4d46bbb40f
GuLoader
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b
GuLoader
7f833e247361f95f0686bed7fe55c6d9357837513e2edb0da3886ba850066d6c
GuLoader
96487abb17fc905506f1be48d51ea17bb652515d8e5f40a4f524daebe98a6efa
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 929 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-at9lln4mba/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar e98de828626080d6f45cf6ffe7ee6f2b81bb11214ddfb973af122c19f8ad3f96

GuLoader

Executable exe 8db7966129f24922ad358bf76ba731da7a65cdcfde7cfeee7844f01e83230662

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374177/
  
Dropped by
MD5 7e7d56ebea9101f7baf65fcdd3e4e79c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e98de828626080d6f45cf6ffe7ee6f2b81bb11214ddfb973af122c19f8ad3f96
Cape
Cape
https://www.capesandbox.com/analysis/6095/

Comments