MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc
SHA3-384 hash: acea1c73bcf26862eef3ba3b34fa0d4b4767705f86edb5f6e1f568380a7eed5ba96c20560ded627063098c7bbad8d02b
SHA1 hash: d97ea92a70e7d2efafd764f2cc3dfc5688038c56
MD5 hash: 01441cf5f1ad84722d72fbe38547e529
humanhash: uncle-hamper-hotel-oranges
File name:blgeslagenatterminalrekl.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:32:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 580251280e6086995a078692a8d95bf1 (1 x GuLoader)
ssdeep 1536:2ZPvWSQpMOW9//gtqzA4bb2fC/3pTHF0KMm7Mr5yPpuc2b4vOMrXT0qMS2LUt:YRQpMOK/2qGi7EPBbcrZ
Threatray 167 similar samples on MalwareBazaar
TLSH EB143A22F296DCB2DA4955B0DCD2F9F41894FC1ACD12892B36C17F2EB275182ED25327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.tancorp.id
Sending IP: 103.5.50.59
From: Marketing Voda <marketing@vodaindonesia.com>
Subject: Quotation.
Attachment: Quotation Doc.zip (contains "blgeslagenatterminalrekl.exe")

GuLoader payload URL:
https://mncarteam.com/wp-content/nigga_EyQiIznCHu176.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5826/
Detection(s):
SecuriteInfo.com.Artemis01441CF5F1AD.14059.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 05:49:54 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
15d5be42969f8c721f755e17bacdce7a02d12838134d441b1a99bcdee928bd85
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
4e14841c96a09f5850d1cf5fcb3526714c22d7174e3f75c8a309d8db36ecef93
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
9611507e92379601368f95c9f9fbc933ba13114fee020ea12d19e6a43486bf6c
GuLoader
ebd6a36a1a04c51f11cf2bdddb5618da42e2839c1507e34e604627ae214c8e58
GuLoader
+ 157 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-t3s9xzgj1e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 9616933ea2c75ca49afdd9e514c9888b15894f2fffb0723fffc0f4ccea44ac00

GuLoader

Executable exe 190d8b4baeee83f2a23ce8ed96cc57ce538bbbbed88e69bdfe131ba7438bf3cc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370295/
  
Dropped by
MD5 2d80964e15fddf860fd622a3fb67d0d4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9616933ea2c75ca49afdd9e514c9888b15894f2fffb0723fffc0f4ccea44ac00
Cape
Cape
https://www.capesandbox.com/analysis/5826/

Comments