MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
SHA3-384 hash: 13472dbcf7fd65268a7c75cb950525d4ff5ae1ef0e440bff4fc0e49a95db01e1da91dd58e696bd8e024dd7f1d49f81a0
SHA1 hash: 991ed44dedb96b1b5f4e140334d70034dbffb6b4
MD5 hash: 53f1a33fe85f2688d3fc3de1aae29409
humanhash: quebec-muppet-lima-snake
File name:Holdningslses.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:04:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 61bfa415472dafa0931ac1a2234982c1 (2 x GuLoader)
ssdeep 1536:aEaSPfxV400eoFbC3kmgE7CNkgrKHxLdGKc+o0FDHdZ1gIphOZHy6L5K0MB+gu56:tPX0eoFbCUY7aKVdhjFD9zlwJ4r+i7
Threatray 5'147 similar samples on MalwareBazaar
TLSH CDB36C13EDAC8653D1044BBC3D638D793B1CAA1859005FEFB1356E9BAD712922C9B21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: DUBHECO <chloe.jeong@dubheco.com>
Reply-To: chloe.jeong@dubheco.com
Subject: DUBHECO - INQUIRY(A-20026981) LNG VENUS / MITSUBISHI HEAVY NAGASAKI 2295 (IMO:9645736) _02232
Attachment: RFQ for Ejector.img (contains "Holdningslses.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6479/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 04:01:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=abv3iuoheb72g5pgpilijklrg2sgx3vb752ode7ljo7wmzna5snq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'137 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h3fw5s4nne/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 4944613443bed864f7e3f7eab5684d6ae6f7b4d11fe1e81b3488e9aed1b61fe7

GuLoader

Executable exe 006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 625a7266bb42acbf99b229e7a674ccd2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4944613443bed864f7e3f7eab5684d6ae6f7b4d11fe1e81b3488e9aed1b61fe7
Cape
Cape
https://www.capesandbox.com/analysis/6479/

Comments