MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 494d5e5f87c9552bce9a4c255ab358cabb144982fca06703255e0ec791626865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 494d5e5f87c9552bce9a4c255ab358cabb144982fca06703255e0ec791626865
SHA3-384 hash: f85c6101cf49a9b88f2ad42e32de9428a6a59f5412d5368295a3c42d94d07dc0dc5dad88dc575cb747a80ad98a836e3e
SHA1 hash: 399b8495fad4f0e456bbff1902b4d5fbc9660d51
MD5 hash: 4c13eebfcc4a5654a45c0eda27773b77
humanhash: double-fish-helium-four
File name:Udpantning.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-06-08 14:47:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 84c4c14dfdde9c7d1080d631406c2676 (1 x GuLoader)
ssdeep 1536:eCuRtStyAfgmA/w8FZriaPQC3+yboivUe1tmHnzl614:WK7gP/ZldoEq
Threatray 5'318 similar samples on MalwareBazaar
TLSH B8837C177A18C102E10007B42CF3CE652B7BBD5A49C16F8F6985BE5FE87735278A622D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: loft11155.serverprofi24.com
Sending IP: 188.138.57.207
From: naivasha@capyei.org
Subject: New Order #PM0158
Attachment: POPM0158.ARJ (contains "Udpantning.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15xPGmz8SkqXgoMEABNYey1kQvFJni_x2

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7066/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 13:44:58 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jfgv4x4hzfksxtu2jqsvvm2yzk5rismc7sqgoazflyhmpelcnbsq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c2430af1c4b999dbe4534676db7718af6f44afb11335ff574bb82e38e637f9c
GuLoader
1a96662a743a681756e4ae5ed7a3d259cca5a50725413698c1769939a950b455
GuLoader
40e20cc321623df3271e2ea7cbe75f647096a8a30737d21d0ef8ddbdc33a7f49
GuLoader
41519f4cbc28650e8151b62f9a6b9503274a80d6dc51bade4a118812742e63ab
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
9da0df6eb709cee7468a850c0b59914ca84eeace25bea74ed6d393e0e5e84737
GuLoader
aa7cc20a00c3eeaeeaf4ddf79ea3dd717320050777ce67afe196afc443c0ac60
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
+ 5'308 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vzfvdczbd6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 50675f0a55edde7d6cea42349f52d0116e22096bdf646e397c56b77bb81903c9

GuLoader

Executable exe 494d5e5f87c9552bce9a4c255ab358cabb144982fca06703255e0ec791626865

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383144/
  
Dropped by
MD5 1ee1fd173f5b141897e73e2ba5657e7f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7066/
  
Dropped by
SHA256 50675f0a55edde7d6cea42349f52d0116e22096bdf646e397c56b77bb81903c9

Comments