MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
SHA3-384 hash: b2e2c978a8069364eb44a1fbf09cf1a014eab9126a62c239b6fac74f356fdf9c29ac09bdfa0836bce09ceb863f9bc669
SHA1 hash: e846b471970f9cec8018c1164ef1f170335ca60f
MD5 hash: 03d84c2efb63b002e4e3061ef2a37598
humanhash: colorado-hamper-high-grey
File name:Order118030620.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:29:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b589e154138236046acdaa7ba7d83f1 (2 x GuLoader)
ssdeep 1536:AwSPfxV40CX8kgrKHxLdGKc+o0FDHdZ1gIxg8swtPLgrO8kncGF/e:AZPXCOKVdhjFD9zlXVPncm/e
Threatray 1'068 similar samples on MalwareBazaar
TLSH 39B38B03EC4D8557D14847BD2D178EBA3A0DB90D0E445FEF717A9E9BAE712421CAB10E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-m24146.qiye.163.com
Sending IP: 220.194.24.146
From: Sales <shlaien@laien.cn>
Subject: New Order (top urgent)
Attachment: Order118030620.zip (contains "Order118030620.exe")

GuLoader payload URL:
http://legalpros.lawyer/wwed/biggrc_UZMAI73.bin
http://b2ainfotech.com/bwed/biggrc_UZMAI73.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6320/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:38:08 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6nay5hwad5arnivoa6ohbhxdyicflvtimgkroukhjw7ljgvxlqta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
6c57609bd1a564ee9e0d10438b4a6dddde014c7caba0a35cc6317aab71ea5b9e
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
85b3b12892570a08fc7c60ad0f4788fb3a4a8d6a9b1cfdf79495b0586cc513d1
GuLoader
a4813ccf4c97f087ca7f2a12227496bbc8f5ef8b48f292981ac2504f2bc0f27b
GuLoader
ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 1'058 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-cmfag44fax/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1b3d7984eff5181bfc3c2e0479b5aa502e396817cd69aa1ce72837556dd3ae01

GuLoader

Executable exe f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376190/
  
Dropped by
MD5 0485455f71e29e2b675128e8a861bda1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1b3d7984eff5181bfc3c2e0479b5aa502e396817cd69aa1ce72837556dd3ae01
Cape
Cape
https://www.capesandbox.com/analysis/6320/

Comments