MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d720a410d804f04fbc099bc1cecbac2bdf37944a84662442fe98cd0945b59ade. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d720a410d804f04fbc099bc1cecbac2bdf37944a84662442fe98cd0945b59ade
SHA3-384 hash: 92b4193380def4aaa14c97c91ccc4ad71fde55af6fbd1de2e5aac802cec2f140d57388a79ef5f5bfd386e46a1a5a1d69
SHA1 hash: c0ef2097a5bed24e3dc859cf9e05243c165d6403
MD5 hash: 388ff1d5c2cc0af44a290f46d325193c
humanhash: cardinal-july-potato-black
File name:RE New Order Request.eml.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 10:02:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cb91016fd39644feb3bc5b99acb81163 (1 x GuLoader)
ssdeep 768:Keziv8+ph9PuTh4Hy3GMwG7BNAk3nfXHD6mlpI+JsBolPC5yiih2X3Xx3ZBUi0sv:DP+2iOEAfHpIFBcCj1
Threatray 5'296 similar samples on MalwareBazaar
TLSH DA930A12F1585926EB505A70DF28AFA8516BFC3425108D0339D5BE6D2F3FA47B27223B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: salala.com
Sending IP: 94.177.240.214
From: Icertis Inc./ C K Chang <c.kchang@icertis.com>
Subject: RE New Order Request from our UK VENDOR
Attachment: RE New Order Request.eml.rar (contains "RE New Order Request.eml.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.EKMN.4275.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:30:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=24qkiegyatye7pajtpa45s5mfpptpfckqrtciqx6tdgqsrnvtlpa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087
GuLoader
9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
ce860f3976ba5df3c4465a4b60d12980677dccc961a9fa91555c7b9de14c3dd8
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
ec5b7c7c61e8282e08ca88732af9355470cf4c3ada79a3c25137fb16aa0c0b54
GuLoader
+ 5'286 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-826h3ppwka/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 24d70d1a41bf66215ce45fd074351b6c495032e72d5b0e7ec1d823d4b9269029

GuLoader

Executable exe d720a410d804f04fbc099bc1cecbac2bdf37944a84662442fe98cd0945b59ade

(this sample)

  
Dropped by
MD5 3b1f7bc74365e4b958003fdac469f92b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 24d70d1a41bf66215ce45fd074351b6c495032e72d5b0e7ec1d823d4b9269029

Comments