MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3
SHA3-384 hash: 5151c4c8e3b28f8ef6f15a3c423837e63f92103894721f4d884a7c55c4b46ff25c63bdc7eb2e227079d2e6d9b67ca06f
SHA1 hash: 55e6eb2373bba84a5ccf785c58b293b880b1d7a4
MD5 hash: bbef2e61308d0e0b15af08fc65852ce6
humanhash: alabama-timing-oscar-september
File name:VGM-SONAE-33714657_PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-22 10:33:15 UTC
Last seen:2020-05-22 11:46:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eb6e8e5a2d6e9895a10b341184c10112 (1 x GuLoader)
ssdeep 768:8tDn4d/OquneYLztQai3dKcwJ7T6x8V5Z7Xt7Y8Lsigljsj7:ynAV8z23dKxTP/DR7
Threatray 2'346 similar samples on MalwareBazaar
TLSH 289328A2B1E9DC27DA340FB11D328A981667FE725E504A0738D73F1EB533519A932317
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: pkz49-4-spamexpert2.hoster.kz
Sending IP: 185.113.132.47
From: Triman Group <b.beisembaeva@shanyrak-group.kz>
Subject: BUNKER ESTIMATE - MV SEA HORSE 22TH MAY.2020
Attachment: VGM-SONAE-33714657_ZIP.arj (contains "VGM-SONAE-33714657_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1rmBwfDK7lb6oqzUMm62NnzIS3CDh_9RT

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareitvb
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:37:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
16 of 30 (53.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
GuLoader
5f8025bc323e672da091a43d6d7ddf8cc6d9e880ddefde5955d0cbafd0092c83
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
GuLoader
803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9
GuLoader
85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
GuLoader
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
GuLoader
ecab33f5998dc995c200750f575b8571ae2a9d00b8264ed557be2d651230064e
GuLoader
fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5
GuLoader
+ 2'336 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-e3qdkj9856/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 00688178d1ba1ef0c0d542b601822b3990ddb2c9df7ecdd9871932d2682b0169

GuLoader

Executable exe 893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366487/
  
Dropped by
MD5 7ba88d70f786d5b0b24ad11c4be847bd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 00688178d1ba1ef0c0d542b601822b3990ddb2c9df7ecdd9871932d2682b0169

Comments