MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571
SHA3-384 hash: 2bd0a93b9efad049cf925673606312b3d573fd24ae4c950b196f4fd0ec517dca994a138f892798d14dcb3f8beea83364
SHA1 hash: a6c8f4c53707a76def449f1ed54c534005d603d7
MD5 hash: 43646f4245d1d87318c6569991bbf590
humanhash: cup-ohio-quiet-robert
File name:IMG_Memo _ Circular.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 759480b4040d47816548c0055d1c254f (1 x GuLoader)
ssdeep 1536:KSPfxV40g8mSkkgrKHxLdGKc+o0FDHdZ1gIL7V8nUEgPgNUMs:7PXgs2KVdhjFD9z317
Threatray 5'133 similar samples on MalwareBazaar
TLSH E9B36C03EC8D8653D0548BBD3D179DB93A2CB91949001FEF7179AF9BAE312812C9B15E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: accounts.ds <wiz2018@bk.ru>
Subject: Fw: Latest Company Memo / Circular 2020
Attachment: attachments.zip (contains "IMG_Memo _ Circular.exe")

GuLoader payload URL:
https://tehrimfatimaassociates.com/wizzybin_hngHKTPpU108.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6465/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 23:11:00 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rdao7f5w5wz7m5sshzl65fncgyco7quo6ou5xelmeer4pe5uivyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
GuLoader
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
179043e8eb7c06144c67f58b2c2900ad10303862c0e5cd7e1fe5a4faf853f103
GuLoader
516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
792ee40918c1cb2ebf202212c5f5bf3f1c945f18e60a93ebca0cd3a9f6bc77cf
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
cec2f9996977f945ffbdd5624170b6e1daa151aaab1e5d9aea7a5566f5197dde
GuLoader
+ 5'123 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lfq9e6sma6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip be0e214b44517652bc0068f9ea3d78e8b03994484b40dfe294f5a81acaaf9b5f

GuLoader

Executable exe 88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378971/
  
Dropped by
MD5 66ad74f9a769d4c96b9b8882834a82da
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 be0e214b44517652bc0068f9ea3d78e8b03994484b40dfe294f5a81acaaf9b5f
Cape
Cape
https://www.capesandbox.com/analysis/6465/

Comments