MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e8b7ec008c3b5a14ac57fe76b4a53eb4a1b90ab28d38effd051317b2a9fea7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4

SHA256 hash: d3e8b7ec008c3b5a14ac57fe76b4a53eb4a1b90ab28d38effd051317b2a9fea7
SHA3-384 hash: 403bb62f3909ec372b32ba3fab1aea5043cf8399fbd763ac2fa9e096912b550eca00a03dd9b6aff0e5c9538d1f155e0f
SHA1 hash: eddadd9667730a3690daa485aed16e9352776a6a
MD5 hash: 93d66bc7683da401fdb0142f01190529
humanhash: mississippi-fix-foxtrot-sad
File name: NEW PO ORDER.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-06-02 10:59:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d27146df063a072c84aa4796401cecc7 (1 x GuLoader)
ssdeep: 1536:NFO8lLNHX2dNBg/7ylLlRB6LPbXQ+hsWY3:NXqAylBajbXQ+hsWc
Threatray: 813 similar samples on MalwareBazaar
TLSH: D7834B17ED4CAA12D12186711D2BC7EA2F117C1889821F8F344EAE6BBF317B16C6D60D
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: vmi300166.contaboserver.net
Sending IP: 144.91.70.17
From: bijay@bnstaccountants.com
Subject: New june Order PO
Attachment: NEW PO ORDER.gz (contains "NEW PO ORDER.exe")

GuLoader payload URL:
httpW@hhrem

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 18:57:56 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe d3e8b7ec008c3b5a14ac57fe76b4a53eb4a1b90ab28d38effd051317b2a9fea7 (this sample)

Delivery method: Distributed via e-mail attachment

Comments