MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
SHA3-384 hash: 4bb5dae77bcb55e21f5256133de7dca6682dc243b40aa161cae95b2026786c3cf3105400588956669bef29e83528a88e
SHA1 hash: 7e8e4f36e62dfa6fbe8287479a6bb43604e3e06a
MD5 hash: 8372d11946eb3897d7ca0959bd434fac
humanhash: wolfram-cup-purple-virginia
File name:Tender For Medical Supplies_642020-0723.xlsx.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e11826f41e83447ba806e661641fd40b (1 x GuLoader)
ssdeep 1536:mXmSPfxV401m2UmVkgrKHxLdGKc+o0FDHdZ1gIuYccQnQwEvQ5YKC:gPX1m2UyKVdhjFD9zrn9YC
Threatray 5'121 similar samples on MalwareBazaar
TLSH F2B37C07EC5C8663D0844BBC3D238EB93A1DB91D58011FDF75755E9BAD312822CAB26E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: Ashley <ashley@jaberson-technology.com>
Subject: Fwd: Tender Kampong Bahru - Invitation to quote pharmaceutical and medical equipment for the treatment of COVID-19
Attachment: Tender For Medical Supplies.rar (contains "Tender For Medical Supplies_642020-0723.xlsx.exe")

GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6454/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:41:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=e75kvsskzokvaegxxdawozffg3aecsps2mzptfti237w6kjl7qqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
1589c05dfc5d8d25d7e959e05dc7b34ff4c82406cf48b21dd008de8364a745dd
GuLoader
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
ba3486ddcb815a5bfae81495f4f48576968b3d6de9f42e0d4358824d7ee583bd
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599
GuLoader
+ 5'111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-99ftdkdxge/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar acc32b0602c183a14026db5cd428a41c65b4817730dc352e1c7c1a1f439627f6

GuLoader

Executable exe 27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Dropped by
MD5 503a1cd9f1d4a526fa682c82fa54ef8f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 acc32b0602c183a14026db5cd428a41c65b4817730dc352e1c7c1a1f439627f6
Cape
Cape
https://www.capesandbox.com/analysis/6454/

Comments