MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b04cf62e1182fdae7ca1805ccc467ccd6d9a0db1a3a7419a9d6a2b5e41419d06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b04cf62e1182fdae7ca1805ccc467ccd6d9a0db1a3a7419a9d6a2b5e41419d06
SHA3-384 hash: fa30955d05a5a2cab2f6e6565f480a3318efb2707445fd635ee63cd93b7aeb47d78e8b1373272f26690468cf58b7d406
SHA1 hash: 6d47007fb7cfe590e00558d397f554124f026f4a
MD5 hash: 64b6246a14c25e7f07b39a2bc1c38dbc
humanhash: two-edward-mountain-bluebird
File name:64b6246a14c25e7f07b39a2bc1c38dbc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-06 19:33:36 UTC
Last seen:2020-06-06 20:50:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0cd114dc1f4dfdb4ac90a02c32f55a35 (1 x GuLoader)
ssdeep 1536:DADrdLtwl28ljNP7+eHJwDwvTCh21Ll9LDOqHBLv:Grdhn8r+eHSEAKlDR
Threatray 5'121 similar samples on MalwareBazaar
TLSH 5B838E13AE198542C29C49B03D63EFD52B23BD195801DF4F7544AE8FFC75293A8E621E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://rainbowisp.info/dot/js/piro.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6862/
Detection(s):
SecuriteInfo.com.CLASSIC.31324.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 19:35:07 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbgpmlqrql6247fbqbomyrt4zvwzudnruotudgu5nivv4qkbtuda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
18dc7ad4fd5ffd0ec8b8f12884b41f3ace4e2ba95f704175ebf0a0eead74ba36
GuLoader
1f6b6d481b672f8ed428a044ebffa9e16424317c0081aad3c00cb61a547b90b5
GuLoader
4853f32b8c9939f78afa1660524e6bb7d7c7359d8c2aed5f09cdaaa0c60a791d
GuLoader
560c76df97fdc5816fa9310921082a04b44b781e60bc77f84b970df04a36d1f4
GuLoader
7a42a2ba28ab9ea27b4972e5a8f5c5c066663e3d6427812f0621208bef33ea10
GuLoader
cac635b83d0ee884f8d8bbce419b4c9d13273f4a10c450c2ea50830dc683e3ac
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 5'111 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4vg2rqsqv6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe b04cf62e1182fdae7ca1805ccc467ccd6d9a0db1a3a7419a9d6a2b5e41419d06

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379344/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6862/

Comments