MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba
SHA3-384 hash:	87311b3f6f714580e804d2b00c37824286c3d16e71c65b41a606d8ee8946239b6db2d878197b3661b7e9c637252a1983
SHA1 hash:	110fcecbfc14df6da14831f16e2460a50ac0f832
MD5 hash:	47e61565d91bfe8c79e51c08dec87bae
humanhash:	summer-carolina-fruit-emma
File name:	New Company Circular May 2020.com
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	192'512 bytes
First seen:	2020-05-28 07:06:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1c0b4ec1bbd96a1c21aff8785e6e40dc (1 x GuLoader)
ssdeep	1536:wS4UhD8HXNDhRBfjkJWoic4tSqCchxV2y0Uzrms9Vrvnxf/w2FbzzAhl:4UhDKB8WogtQchT6UmKVFC
Threatray	5'317 similar samples on MalwareBazaar
TLSH	CE143A33B76ACCA5CA8545B0D9C2C4F414A1BC15CE038D2B37D1BF3E35BA096AD66636
Reporter	abuse_ch
Tags:	com GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.53
From: victim-email
Subject: Emailing: New Company Circular May 2020
Attachment: New Company Circular May 2020.zip (contains "New Company Circular May 2020.com")

GuLoader payload URL:
http://pashupatiexports.com/bin_hzgJnJgi173.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/5797/

Detection(s):

Win.Dropper.Noon-7585277-0

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-05-27 22:25:06 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

17 of 31 (54.84%)

Threat level:

2/5

Verdict:

malicious

Label(s):

guloader

Similar samples:

006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b

0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279

08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f

51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0

52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b

783c6835be34af1803983890ec14e1edb2ac7cef4442dff43cddb719d97236b2

9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765

e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65

e6d371badc121f232f4305f3a50f0a136d1b7edbc3337414ca692c26ae41986c

ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552

+ 5'307 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-zsgwx3w14x/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 3359948c389f63bc1f2c03133cb7c276289bcc4a4c2df16b8e86729eba76688f

exe 770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/370269/

Dropped by

MD5 37604109c45937635d83da8598551d14

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 3359948c389f63bc1f2c03133cb7c276289bcc4a4c2df16b8e86729eba76688f

Cape

Cape

https://www.capesandbox.com/analysis/5797/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample