MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8
SHA3-384 hash: e74ead216bb938e24dd5743100cfc01c5540b41ec9698e77ea73d4aab957c79a9b87e0d1fa384d690dba48c22cbdf6a7
SHA1 hash: 588deb87e23f9a7f1d902828c4f1cbd82c85b9b2
MD5 hash: a257af6b9f676b3ff9f6dc9bdc493c2c
humanhash: victor-november-tango-blossom
File name:Alleviatio.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 13:38:18 UTC
Last seen:2020-05-26 15:24:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7c845ff936f5312572961f26ee5a714f (1 x GuLoader)
ssdeep 768:fpahH6YBe8Ek4y5s3gHuP9lWpYvCE0uGkUGJpjixERYTFcGNBrEb5TfJEZ:xEzFEk4yiwOF0pYvCVkhYT5NBrN
Threatray 5'117 similar samples on MalwareBazaar
TLSH 87B3D617B58DBCF6EC308FF14A7199752C26BC34A8104B07BC48BF5D79B66C9296930A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: srv.ee.com.tr
Sending IP: 185.99.199.145
From: Eng. Ossama Ismael <xx@yy>
Subject: RFQ# 20345
Attachment: RFQ 20345.ARJ (contains "Alleviatio.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uGIRxU1Rh8xwS-O5w0Sq1ILPMWoUkKja

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/4946/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AE.10293.18128.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 14:35:57 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d
GuLoader
3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b
GuLoader
b042e4bdfe19df2aa474fd5e2294aecc9a07d447c96466db7a7e20316d885634
GuLoader
d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba
GuLoader
d7dda9d5e3557a57d63b4fe02c26f03f135e4810bfd2fbe9b44f5190384385ae
GuLoader
+ 5'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-k6wayxqxke/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 886121e269b62ee48580e67188589861acc64e48079182dd744f2bf5a62ed6f4

GuLoader

Executable exe 5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369175/
  
Dropped by
MD5 5e5ece23a958c7ef48446d92296fd36f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 886121e269b62ee48580e67188589861acc64e48079182dd744f2bf5a62ed6f4
Cape
Cape
https://www.capesandbox.com/analysis/4946/

Comments


Avatar
CAPE Sandbox commented on 2020-05-27 10:13:41 UTC

#Formbook

https://capesandbox.com/analysis/4946/