MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b5382684cba90f427975d7be5c938b3216b38f0f00e617f36c71535e4deb8059. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 2
| SHA256 hash: | b5382684cba90f427975d7be5c938b3216b38f0f00e617f36c71535e4deb8059 |
|---|---|
| SHA3-384 hash: | 028a7c4d0e271abc6da3b55cf5ecb54b0d7c479b316ee84d534cec4537a468733faac0a343bc9f306deda6fc8f3bbab8 |
| SHA1 hash: | d93e3957bdbb685ac7c6fba985bdac738bfc2cee |
| MD5 hash: | cc3a34a1998ee0f2192ccef0c2293ea6 |
| humanhash: | ack-beer-coffee-kansas |
| File name: | Factura.pdf.bat |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 192'512 bytes |
| First seen: | 2020-05-28 07:04:40 UTC |
| Last seen: | 2020-05-28 08:22:26 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 622654170d1b18cea7c60758d9b0bda7 (1 x GuLoader) |
| ssdeep | 3072:QFAB1RTJXkKggggzcPEgggg5gggggggggggggggggggggggggggggggggSa01BWU:QFABTJUKggggwMgggg5ggggggggggggS |
| Threatray | 164 similar samples on MalwareBazaar |
| TLSH | 45143932B72ADC72CA8144F4D8D1C5F514757C11C91A4E2B77C07F2EB5FB182A8AAA36 |
| Reporter |  abuse_ch |
| Tags: | bat GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: relay1.grserver.gr
Sending IP: 185.4.132.176
From: Admon <victor@contenedoresortiz.com>
Subject: PAGO DEL SALDO
Attachment: Factura.pdf.rar (contains "Factura.pdf.bat")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-NwXN7u0VxlSYDCEBOZnDmScTdT-JtTp
Intelligence
File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Fareit
Status:
Malicious
First seen:
2020-05-28 07:37:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
15 of 31 (48.39%)
Threat level:
5/5
Verdict:
suspicious
Similar samples:
+ 154 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.