MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e9436dd99ea0f6ac9dced7c1569a426ea51c32f3551054704e30797a66feb8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e9436dd99ea0f6ac9dced7c1569a426ea51c32f3551054704e30797a66feb8e
SHA3-384 hash: 7ebcb998019f7dfd512d6541139d94af9b4c1bd63d9d39d1a858e5e01abba066035bef28cd926962258105e8d593651d
SHA1 hash: 93c18634afa2eed44052993159635eff23e4f265
MD5 hash: 166302740fda9de1c944903777fe4972
humanhash: grey-lion-kilo-tennessee
File name:order and invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 09:26:13 UTC
Last seen:2020-05-27 10:44:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bdbe03f55cb4d424c17eaa0e2976f2ce (1 x GuLoader)
ssdeep 1536:4GZamlQsfR/aac6haWdTkvKVSsPmw7J3gys+sw8rvOSRUHGAUiXAoYNn:4Q0alLdgvwSsOw7JQXfrvrGGoYNn
Threatray 221 similar samples on MalwareBazaar
TLSH 9DB32A43B8D48CF2D964CEB009829AA57D7EBE7129815F0F3840B60E35776D16AF33A5
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5693/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AE.4057.29198.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 09:35:59 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
28de8f6722499072f48c519ac1b2f318f56f1a800fb3db515d0700d5f4b1db50
GuLoader
70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
GuLoader
8f09e2d15730d4a4e19876b7d4f284fe43494e761824081dee255c677630f8e6
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bfd12725c557e1a9992dccff4257290adec43be6315f68471af0d26c9fa662ad
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
f923c5ce0a44f73f86dbb04d02905e0e0068d675f6095680b41d904380800e17
GuLoader
+ 211 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-12nxq5svej/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 8ccecade09d2952a1ff3f55c1e2b7a770e5c7eb9b7f5c88e43fd3d21afa4ef0b

GuLoader

Executable exe 3e9436dd99ea0f6ac9dced7c1569a426ea51c32f3551054704e30797a66feb8e

(this sample)

  
Dropped by
MD5 8a4dda929cdc268e459d311628074d62
  
Dropped by
SHA256 8ccecade09d2952a1ff3f55c1e2b7a770e5c7eb9b7f5c88e43fd3d21afa4ef0b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5693/

Comments