MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91ccab55a241292f119e41c55467b08fd4fdade44fe0f9a36b5ad66848491c46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91ccab55a241292f119e41c55467b08fd4fdade44fe0f9a36b5ad66848491c46
SHA3-384 hash: 034a3ab8ff352b2e723b8783d2c1a674b1b9ae3b04b4efd69f5e93563c11b76895ab023fe95a507c901d68e79c406dce
SHA1 hash: ccb3342161da296e1d4df6afef4d94de680d529b
MD5 hash: 1227324f4e3802d3c937ccf83c42941d
humanhash: fish-april-muppet-steak
File name:ORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:66'904 bytes
First seen:2020-05-12 15:49:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5658bb00ac6a23c3b376633bd5cf4260 (1 x GuLoader)
ssdeep 1536:7H+e3nnpVYvUEmBbC/M+oB9s8NkqNasJ5C6gPYFwoa1rIMUfn:zf8UEmBbC/wB99NnasJ5bgPYFwoaq/
Threatray 5'117 similar samples on MalwareBazaar
TLSH D663D411B2E0553BF1B7EEB1EE7A8AE501657C382D17844B69543ACB5B31602EA7C333
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.facetohen.gq
Sending IP: 49.12.110.92
From: 최규성 <ekki2005@hantop.com>
Subject: Budgetary Pricing Quotation Request_Brazil NW LNG Energy Plant Project
Attachment: Budgetary Pricing Quotation Request_Brazil NW LNG Energy Plant Project.IMG (contains "ORDER.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 08:53:00 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=shgkwvncieus6em6ihcviz5qr7kp3lpej7qpti3llllgqscjdrda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1de9da3a2c6effe9e9eae16a0d70fc19c633e479073f308a666665b0628e866b
GuLoader
3ccf8c8e41e08d5a8152659ca2cd6348a15c126ca4571129d4a118de63d45f80
GuLoader
47f80b494b4feb2ae4e346836ebe6e4b1b8137e7c20ff4668c020e35e4f45000
GuLoader
54afdaff6d05973b7c58978614f80dac9060bca2ef2f0e1835fa05b80e3da626
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
8556575140ee35421e573d86cf9e34e1062e3e6718e7c7b0059de1502b6d6d61
GuLoader
b76aeb95000673c2d56341cdf6b6331f868f6e1e0ab5da4e6ca0b2b399361658
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
df2bbdd833be8896f46c8660acfc9da2711f2a75d8338240b781fc6ee3964f9e
GuLoader
+ 5'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tsqdvjmexe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img bd80b0a4eb0c9390f0ffdafd8348b9d001fce9bf5a54fa90266997047fce5552

GuLoader

Executable exe 91ccab55a241292f119e41c55467b08fd4fdade44fe0f9a36b5ad66848491c46

(this sample)

  
Dropped by
MD5 0ec76f68d0f32a86aecb906c60a5c897
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bd80b0a4eb0c9390f0ffdafd8348b9d001fce9bf5a54fa90266997047fce5552

Comments