MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
SHA3-384 hash: d97bd1b33807bea480c1cb7dcd7155ea15367f555fc157350ff5744aa1d2720ba79f560655ab18f8e14a5456fd23f517
SHA1 hash: 9d0fda7d84838d4882571c8f21f813c9595f4884
MD5 hash: d464f8434a6d70244b6d709fe4c6cfea
humanhash: west-magnesium-item-double
File name:Purchase Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-08 19:00:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c86a1e54f2f10ad5b50e20bf2e777dc1 (1 x GuLoader)
ssdeep 1536:bLNuRtSlYr7HG6ZriamdZe6cWr8sagCppa6tOh:QLH1li8ye0
Threatray 324 similar samples on MalwareBazaar
TLSH CC932E03BB058702E2595D7254A26BB07707643E08429F2E22A9EDDFA4F4663FDDC39D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: frf-ajf.ro
Sending IP: 89.45.174.241
From: FIFA Regulations Dept <Baumann.sonnenburg@dr.com>
Subject: RV: FACTURA
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

GuLoader payload URL:
https://rcmmanagement.com/fit/fit.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7168/
Detection(s):
SecuriteInfo.com.CLASSIC.10428.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:02:12 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vradlt5zzcutykkp4girxvgnstheapmm3qyb7jf7ceyujnancjcq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
guloader
Create hunting rule
Similar samples:
0fa48ae85f61923503631667a6982f655b03a66ca2c96b4d73dd0ca9ae75fdf7
GuLoader
4639769fea49849bb1a85d41d7dc9f4975e0945b3e5b0622503a71b8a97faccf
GuLoader
5d0e5fe6f84c394371c174a358770010a2a1338563cf5c19659b9cb0c2d2aa69
GuLoader
7580b583ccf57526e5a5ca40651ec5a95abe64b77a7c223f037443e480fbe185
GuLoader
8ab140bb28604e13079fa3aa37f12f521a7ab3619b979e0ca505a337a544431b
GuLoader
aee6577ef4a0d538fecd2596cedc2cdcd8eed86e9267c1bb40b0a17fbb5e51a3
GuLoader
b8cedaeefb46ff748af412d63d33b2d508966d4e33fd88efc592072b64017f5c
GuLoader
dd19bace27d42e2a34d4ec3a92671ad7c615a2eab04cf66bf4682fd604eaca11
GuLoader
eb96ab93249a86be52aa53a58fb8667b4c54f6b6dbc899fd23ea56b12b52a001
GuLoader
ff2a69d6c6bf6bce9060d0570e2aec5f88a964c46736e3860152895cf94449f2
GuLoader
+ 314 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y8yzxskdxj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip c693e27357c9f3c97663e24c3accf9f92c014f4d1ad3776e83f79a677c000e76

GuLoader

Executable exe ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245

(this sample)

  
Dropped by
MD5 26d06077d093b69cb95b0a3e47d58a0b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7168/
  
Dropped by
SHA256 c693e27357c9f3c97663e24c3accf9f92c014f4d1ad3776e83f79a677c000e76

Comments