MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 352837f7f48c65bab461ad1a4b907226f08604cf13390f8e187daf08e0da7aa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 352837f7f48c65bab461ad1a4b907226f08604cf13390f8e187daf08e0da7aa5
SHA3-384 hash: d8ce55a3cbec39f87c95bab875f7c97a5fd93c5dcc89e322f8c47401c18ab4d85ae6482cba5bb9a45c556531fdcb456e
SHA1 hash: ecf60b02b7d01bd4be148d4a2286d17614538751
MD5 hash: 599fcd5853a547b8e0de5f93abdeb1ca
humanhash: lion-victor-black-coffee
File name:Document.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 11:53:27 UTC
Last seen:2020-06-09 12:48:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 62d46b3b865379717a44c7a2c77e8f7e (1 x GuLoader)
ssdeep 768:bstQGMjJvbviBVGYAhliqAXsBcMg/ksbrG/e+yOeR75kTNkeuvJnNLq3xY:bUQG0QGrliB/ksbBekCTNkeuvJnNLqa
Threatray 5'110 similar samples on MalwareBazaar
TLSH EA73D61B6C299D2BC1E52FF06D26A496130A2C04BB542A6B159CFF7CF7704E23DA7706
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.herwinservices.com
Sending IP: 45.95.169.26
From: "Herwinservices Inc" <info@herwinservices.com>
Subject: purchase price
Attachment: Document.zip (contains "Document.exe")

GuLoader payload URL:
https://redlink.cl//DetaCotizador/conect/DS.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7298/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Trojan.lm.17150.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 11:55:06 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=guudp57urrs3vndbvunexedse3yimbgpcm4q7dqypwxqryg2pksq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
77839da1c15d6390080afe07320af399a007d5b69bf4fcdf63fc71e795929cf7
GuLoader
79aeb20e06ed62c3986034328cd3a6a5e08eb617cba4af679112640f786497da
GuLoader
8e9f882576a66be70ed5bc204584037087f3bd53d13498126153fb7514f7dd7a
GuLoader
9c3dd49a5833197c8ded3093df9fa770129e196acf76de5a54ae3ae3e9580cb8
GuLoader
a492b017c3e12fe55493c562ed1304155616cb61b24f6dce0bfcd3eb7a7bdaf5
GuLoader
ad8c070c48103dbc11875a052aa0447395f6ddda11e3f9e8aed091f0bb14050d
GuLoader
afa8c23ac5d9fc6fbe15cd6baf1b64c40efd1c62c9ddefe88329d26551db32f2
GuLoader
b3b093d992d26b0d21a61a778598abd5dd87649a89f724c2798f60f9dc19de1a
GuLoader
+ 5'100 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x9vn3hqgea/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 91a93a77d9ca5790abac5cc5b59e3dfa4c6f323ec09e277d770f20722c7f5b67

GuLoader

Executable exe 352837f7f48c65bab461ad1a4b907226f08604cf13390f8e187daf08e0da7aa5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384567/
  
Dropped by
MD5 9e7da3094a87b45746b1706c68f0645a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7298/
  
Dropped by
SHA256 91a93a77d9ca5790abac5cc5b59e3dfa4c6f323ec09e277d770f20722c7f5b67

Comments