MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2
SHA3-384 hash: 11ec4e90c648cbca0446e5e401fb68505582c469937846f4bb01a474bd2e3d86c23e960746ebe701e6411542e6c810ab
SHA1 hash: da0f1598197982117c80a12be2af6a10e811f46f
MD5 hash: d0f9f843b3fa91b94c0e713d1978e99b
humanhash: jersey-north-triple-illinois
File name:SWIFT87532232.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-04 15:54:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba76ead97ceb7f3e10580af5ce64e822 (1 x GuLoader)
ssdeep 1536:BrcnME0lTuDynUuhkaq8vvvSlA6jHHwdh3w+GNr/3PEW5vRwChkuhgubcWqJurOY:pfEcuDynN8DjHotk3PV55hkXujXE4f
Threatray 5'122 similar samples on MalwareBazaar
TLSH 07C36B036D9DC742E10049F13C234E6D3E27BA1C9D819E6F2146AEDFED792516CDA21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server0.dessertmeesters-nl.com
Sending IP: 192.119.84.95
From: CitiDirect (International) <bsprima@citi.com>
Subject: Payment Advice-BCS_ECS9522020021121440056_2425_952
Attachment: SWIFT765335.img (contains "SWIFT87532232.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=B1239884E2DEB3B9&resid=B1239884E2DEB3B9%21652&authkey=AFsw5WahXO5KwjY

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6566/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 09:37:22 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bjekiat6wbnrrdjm3ob7eifdcygjwxeqa3pvgmdlx5pevwpmkxba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e
GuLoader
51b2fe7ed5d6da110fe512ac143f26b29b8819b25f4540e93825d310d60d2511
GuLoader
6dcf4557563343e881daf4b7d7b01e372457cee637ac001a1102a2e67a69cbf8
GuLoader
7917f62cb4f64cd00ecd938bca8ce2bce08454813b608efca9dbac82aa9758c2
GuLoader
846da150185354155686d4f5d45ed5d0791cb8a97769e73e38a33c4d43c75db3
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
b42bb3af52ae6b9fc8dd890fea86abad727db5ae0647217d2f5f2035bc5c2c7b
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
e04b0836667f55bcc1778c62761c99af52cb5c42c14cef3962531512def2944b
GuLoader
e6d371badc121f232f4305f3a50f0a136d1b7edbc3337414ca692c26ae41986c
GuLoader
+ 5'112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-9pj141zaq6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img e79108c62151b6015c3d8507c187f3dc2d94ca7850ea2f51cecc08fb3086f4af

GuLoader

Executable exe 0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379333/
  
Dropped by
MD5 09617cfa77ff58b921db4acd85baeb9a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e79108c62151b6015c3d8507c187f3dc2d94ca7850ea2f51cecc08fb3086f4af
Cape
Cape
https://www.capesandbox.com/analysis/6566/

Comments