MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
SHA3-384 hash: 35fb1e7959024507bc0f83b15a6253354def393f3de3bb4d84b99781e05aa55029cca5bc9227627e038441493f9fb7f8
SHA1 hash: 0cd0868a96af2ae691eb7195655ca9ee89a6ba99
MD5 hash: 15ecca04fc6a7967c0e2e8eebd14ea3e
humanhash: lion-april-comet-paris
File name:Document.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:131'072 bytes
First seen:2020-06-04 15:50:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 97f6cd69e0b3d708eabdb9b8c564bbce (3 x GuLoader)
ssdeep 3072:CFfEcuDyni4/mjHotk3PV55hkXu15IsN/2J:CscuDH4ujIS3PV65sNu
Threatray 5'108 similar samples on MalwareBazaar
TLSH 50D35B032D69C729D0551DF07C935C9E362B6A0C5E402ABF1088EFBFAD702A1ACD665F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.evstones.com
Sending IP: 45.95.169.27
From: Nicole Gapes<info@evstones.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Property Purchase & Leasing
Attachment: Document.img (contains "Document.exe")

GuLoader payload URL:
https://rainbowisp.info/dot/js/piro.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6554/
Detection(s):
Win.Malware.Guloader-8002906-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:36:50 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u2lkjy2k4irynytvtj23sd2zsbibylf3wuuqg34oyeslr647nr3q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
03cba0b3813108ec932306f5aaa9d152603a834b9caf3c601722a9cda41ca194
GuLoader
0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
18dc7ad4fd5ffd0ec8b8f12884b41f3ace4e2ba95f704175ebf0a0eead74ba36
GuLoader
1f6b6d481b672f8ed428a044ebffa9e16424317c0081aad3c00cb61a547b90b5
GuLoader
560c76df97fdc5816fa9310921082a04b44b781e60bc77f84b970df04a36d1f4
GuLoader
9a4f12beb7153b4365384e8918afda0d14d33bae8fa32ce8be01c4dcbf08529f
GuLoader
cac635b83d0ee884f8d8bbce419b4c9d13273f4a10c450c2ea50830dc683e3ac
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 5'098 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-36v4errcve/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 95a03ed547332734912440a00f3f6d6ce147c730b2d092f3253f5ad9e8e0446c

GuLoader

Executable exe a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379344/
  
Dropped by
MD5 417c5289381112d6a1d836b15101e941
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 95a03ed547332734912440a00f3f6d6ce147c730b2d092f3253f5ad9e8e0446c
Cape
Cape
https://www.capesandbox.com/analysis/6554/

Comments