MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c81c72186965fd22cb55f1b0e4d9f455dbbf279dad35d8ce567bff28e135fd34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c81c72186965fd22cb55f1b0e4d9f455dbbf279dad35d8ce567bff28e135fd34
SHA3-384 hash: 7785b7103580b2046ad86ff2e3a7b6bbf79ffaf4b6400fc26df38cc343f8d3dfa6d503f6a57208b1480b8cf726175b79
SHA1 hash: b2f60c2f4c953cb39f84a7ac26ebdd9d7ab76e55
MD5 hash: 2d288b813193b3ee47eca804e407a2e4
humanhash: july-fifteen-friend-uniform
File name:Ourchase Order #5122020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 11:52:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9d11bbee029b5e20c45675d5c4ba6547 (1 x GuLoader)
ssdeep 768:LZsK9Vpwx4v/U6AoT2tCDLn5ketEzH1UiqfGD00zfrqMZAu6zNy:v+xCDAoatGj5ketEj6fGY0zfrqMZMs
Threatray 368 similar samples on MalwareBazaar
TLSH D4834916B298D267CE194EB01F61E6E8012E7E301EA5C907F5C93B5E1B37A50F62132F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: dica.am
Sending IP: 45.35.196.137
From: Amanda abzianidze<KSokhoyan@dica.am>
Reply-To: KSokhoyan@dica.am
Subject: Urgent updated Purchase Order
Attachment: Purchase Order 5122020.rar (contains "Ourchase Order #5122020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.23191.11594.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:42:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zaohegdjmx6sfs2v6gyojwpukxn36j45vu25rtswpp7sryjv7u2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2d1f82ffe2e3ab1a52e3b34e54126ca063cb8b84424138d77338c106950c22ec
GuLoader
302b22ef958f04eeef47eaef2fe2d2fd062a17c16683ec8f2cf0b899f19c2acb
GuLoader
3700f2c5fe27c80e41984b2a55f236655a09f0781c05b265bccb26165318d78a
GuLoader
61e4815609e7e61d192053a312222c33982898384568b4a217ec4602b5e1952f
GuLoader
7e5b0829c6ff31260033e79d4172ef09efa4c6667a99c97b8ec82d614a68a241
GuLoader
9e22f04ea9205b5c5cb910ef9be7709b38b189a3d34384baacff53c754ce95bb
GuLoader
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bb38441f00e31c053e8b96617edb3125104e243f5409757a3ada8d9977fd2c34
GuLoader
cbf644b3dc49a4148301cb941e3b693615a3e2b61169fc62a23fe59184297a1f
GuLoader
+ 358 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qft1q8bdhn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

bd3de7442ede893be74f521be645852b

GuLoader

Executable exe c81c72186965fd22cb55f1b0e4d9f455dbbf279dad35d8ce567bff28e135fd34

(this sample)

  
Dropped by
MD5 bd3de7442ede893be74f521be645852b
  
Delivery method
Distributed via e-mail attachment

Comments