MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b
SHA3-384 hash: caf0539a3842e056256942f2f70fae2d42394a147de454512442bb01f2f2153c40a0f4f74d28b93f125e0a5c5e095c30
SHA1 hash: 5ddf3b563a362b47af970eadb69f46d7dd5b5209
MD5 hash: 7dfc2a452ed19b7fa281b5108040c8ca
humanhash: cardinal-delaware-sierra-blossom
File name:document02.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-06 19:33:45 UTC
Last seen:2020-06-06 20:50:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6efdc8899aa182fac3a0ce9ea8469164 (1 x GuLoader)
ssdeep 1536:DKDrdLtwRUW6VOPwDwvPVzxbrzVpfjo78Ki8QCv2:D8rdhOCOYEF9rrfw
Threatray 5'098 similar samples on MalwareBazaar
TLSH 9B838D03AD19C451C1D94AF03D73DE992B27BC285C415E5F3108AF9EEB34697A8AE31E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.evstones.com
Sending IP: 45.95.169.27
From: Nicole Gapes<info@evstones.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Property Purchase & Leasing
Attachment: document02.zip (contains "document02.exe")

GuLoader payload URL:
https://rainbowisp.info/dot/js/piro.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6865/
Detection(s):
Sanesecurity.Rogue.0hr.20200606-1905.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 16:47:32 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxykjb5trnozxw6i4lafxjgghhp6bglj6x3izbo2io2gyfver5vq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00983a8176276beea115d21fef7919c49b29b96d78dbc2151cc04cc7d8c95b35
GuLoader
03cba0b3813108ec932306f5aaa9d152603a834b9caf3c601722a9cda41ca194
GuLoader
4fd6cfb4c08338e8b3a6ec64118aa6ad90350e865e90365b5b700aa41908b984
GuLoader
5bc45e4356d18725afcfadc81b15317f2144140baa77b893a8732acdc689f43b
GuLoader
7a42a2ba28ab9ea27b4972e5a8f5c5c066663e3d6427812f0621208bef33ea10
GuLoader
9a4f12beb7153b4365384e8918afda0d14d33bae8fa32ce8be01c4dcbf08529f
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
b7080e861acf13e24b0f995a17697390e262fd128de58e12e99074531ab3963d
GuLoader
c7949573443efdf9faf7bdd96422dd515bc3576d8fce3091776333047524d1a2
GuLoader
d823d3c8c26635339f3de0090fb21441f5d2f4db1a0567b2028ca8e3e7f5670e
GuLoader
+ 5'088 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hhzkhr16w6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 87183fcac03b924e3982587e9a91148158deefdd532f176cc73611b9657fa804

GuLoader

Executable exe 0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379344/
  
Dropped by
MD5 1d400c290dfb5a329ece06927159cf2e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 87183fcac03b924e3982587e9a91148158deefdd532f176cc73611b9657fa804
Cape
Cape
https://www.capesandbox.com/analysis/6865/

Comments