MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02067a8419dc011a977a7f84edb67c3b9e8925248f132d2ee863c5576a29a0b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02067a8419dc011a977a7f84edb67c3b9e8925248f132d2ee863c5576a29a0b9
SHA3-384 hash: 8160c0e194998a6a6a7b8fc9eb60a9330b77f2692f2f0ab4bf872cf226c74687a0409c1d16de85c970a08817b8e9da37
SHA1 hash: ab2b829b70d50810bf883c6531d67567f0d524c9
MD5 hash: 742c276393159e69859464d8997cd426
humanhash: ceiling-artist-michigan-fifteen
File name:file.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-08 19:00:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 690ce4b547d31c3ac42effb5f9263951 (1 x GuLoader)
ssdeep 1536:bRTuRtSY7LBiOwq5GwMZriaNauYaDc/U5CkfnWdyE66uJA:8rliIrYzgM5CgLZJA
Threatray 5'098 similar samples on MalwareBazaar
TLSH F4933E03FB068702E25A5DB154626BB47717582A08419B2E21EDADDF64F4B23FDEC38D
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.facetohen.ml
Sending IP: 64.52.164.226
From: Sejunj <michael@facetohen.ml>
Subject: Re :: New Project-Quota 긴급한 RFQ.
Attachment: file.IMG (contains "file.exe")

GuLoader payload URL:
http://slimbosahiyke.webredirect.org//uploud/5bab0b1d864615bab0b1d864b3/bin_INufP107.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7169/
Detection(s):
SecuriteInfo.com.CLASSIC.16583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:02:17 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aidhvbaz3qarvf32p6co3nt4hopisjjer4js2lximpcvo2rjuc4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
1621dac1140afd3e3eed4b0f4ab0a93e81cd56c76e7532a0cc03d0b5a8dae04d
GuLoader
26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
GuLoader
28ebdc57f4de0a5f04d5ac0c8f17996d257df911de9900c3e6db1f1e213383b7
GuLoader
34a88c5a15f36eb7b24dfb21e53185ffa67a04760533e9d474dd4de4e5331153
GuLoader
3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
+ 5'088 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xpdgzrzxrn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 71b8d10c02a2aa2bca973189e1835162a4353e878b9d7edb32ea2376a3c221b5

GuLoader

Executable exe 02067a8419dc011a977a7f84edb67c3b9e8925248f132d2ee863c5576a29a0b9

(this sample)

  
Dropped by
MD5 56f5e50c235eeb89c1bc549f00aaee3c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7169/
  
Dropped by
SHA256 71b8d10c02a2aa2bca973189e1835162a4353e878b9d7edb32ea2376a3c221b5

Comments