MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c8bdfc9eea22464897b3dae7829464348f27a1ff1989cf33d1de95bc0a99527f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | c8bdfc9eea22464897b3dae7829464348f27a1ff1989cf33d1de95bc0a99527f |
|---|---|
| SHA3-384 hash: | be18a952d17bb5f37487b2a49a0b3dcf5cf6ad1c53a1cfef4dbcb568e5743313b51d53c0b3d964fa518828f609d9fec9 |
| SHA1 hash: | e53eeb72d63ee05a547359d7167977017797dfa4 |
| MD5 hash: | 31f6fc01634b11305bbc589a22c7c0ce |
| humanhash: | speaker-hotel-nevada-neptune |
| File name: | ORDER_NEW_REP USD 60, 000.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 77'824 bytes |
| First seen: | 2020-06-08 09:33:19 UTC |
| Last seen: | 2020-06-08 11:12:29 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 1b7278132169b195c837345b16b5783e (1 x GuLoader) |
| ssdeep | 768:cysfNpuRnnPilTjATMg6ex7nfUf/Z99gZTkRXQJtEWx4Be3KOG4TZzLgq05ooV53:cysFY6TjMH/fUfb9gZ0goKKX4i3 |
| Threatray | 5'277 similar samples on MalwareBazaar |
| TLSH | D073AE276C08C542F04486716DD3CB8A22177E289E425E873A595FEFFCB46D2ACA021D |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: loadmastermalawi.com
Sending IP: 92.118.190.233
From: Anton<operations@loadmastermalawi.com>
Reply-To: operations@loadmastermalawi.com
Subject: Fwd: ORDER_NEW_REP USD 60, 000 Thailand Urgent delivery
Attachment: ORDER_NEW_REP USD 60, 000.GZ (contains "ORDER_NEW_REP USD 60, 000.exe")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1PXTQXT9W6YDfD8k4aUah-q6N9G2isZwi
Intelligence
File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Spyware.FormBook
Status:
Malicious
First seen:
2020-06-08 09:35:07 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
2/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 5'267 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
8/10
Tags:
persistence
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.