MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af
SHA3-384 hash: 296a3406cead3d5c6dbb5dc73de1d911722c1bfb1781e6cd44f2870c4330325e6802271c5aebf76b0b678e1b6b364035
SHA1 hash: 1d488211e8c40344f607010b895db06c1849241b
MD5 hash: bb8ee9b1843f4f481a6fdc2c2144a750
humanhash: lake-texas-cardinal-oven
File name:ORDER_9012.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ae4fdc8ac610ad2f58e38f53f8550ff4 (1 x GuLoader)
ssdeep 1536:xNuSPfxV40SET38dkgrKHxLdGKc+o0FDHdZ1gIqSInTyQQjj3i7s3kF:TPXS83wKVdhjFD9zZX5z+
Threatray 5'123 similar samples on MalwareBazaar
TLSH 50B36B07EC8C8A13D1404BBC2D178EB93A2DB95C49015BEF71396D9FAE316812C9B21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: MUBARAK AL GHAMDI <m.ghamdi@yuntong-batt.co>
Subject: RE:RE: URGENT ORDER
Attachment: ORDER_9012.rar (contains "ORDER_9012.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=198sTkcPquSAvb3efOapquu4MpsdDGAlG

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6446/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:56 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sfrdoelobhscgocghcnxiefiztd6p34wydwzpq75wgnaqsmvasxq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
27379cbd39dae5d145ff292ffd71387a5508bba83997177272742b486cb4e662
GuLoader
31d1428b910df6a6b0bc62b597f5c4c88514cba2ecd8c8fd28410ab97952b7cc
GuLoader
6012fb54cc0a67842710e7189ebfa42c27d30f18a604fbb4122734fb23b7accd
GuLoader
7f30518d5d377a5daabfdf24a509e35c46b04f951500fec7a78e84724c4cdbc4
GuLoader
83a9482f5fb2807da38f62dce5a40bdf154d2c26f7a3080982efa30491bb66c4
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
accddeb954844341b87c006344f21c50757cd228d2f071d39e8707209b1a49f9
GuLoader
ca6c6262134182f4bc6367855eaf6a390bf9f3a1b95e7238f3480dfe8baf50db
GuLoader
e3f68e3679fc2ab587e712ce137e107318ebaa6bd5e724a76200bb10c945312b
GuLoader
e75e9eb97fb635737341ed9fcfd25471fdd9889e75305bbb6b32bbee19b32d52
GuLoader
+ 5'113 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-va7eq2h5q6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 3b6b56f381297f08bad9c27f08893ad0b2b87df28a395a6fa7090cf6593042c3

GuLoader

Executable exe 916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378982/
  
Dropped by
MD5 6f8271ea461ac3855f619f335a60b2cb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3b6b56f381297f08bad9c27f08893ad0b2b87df28a395a6fa7090cf6593042c3
Cape
Cape
https://www.capesandbox.com/analysis/6446/

Comments