MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbd23ab3964e6425f0068a39d6f15dd86708c1bd091912e9229c1840e75ec70d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbd23ab3964e6425f0068a39d6f15dd86708c1bd091912e9229c1840e75ec70d
SHA3-384 hash: 0df0a43fa38c9c46d316cc3606248bb2435af5022a0aaa930767490e335ea2d34096f02aeb84c1cf64bbfb129fa05cf4
SHA1 hash: b1e5acc40ebef8d4329e264cce7fe4c84d4bdd4e
MD5 hash: 0656d351e0402c0c75469794da985d0a
humanhash: arkansas-uniform-wisconsin-muppet
File name:inquire-E+S2_xlsx.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8828b5551849503b4737bc20ec093836 (1 x GuLoader)
ssdeep 3072:XPX6mAAAAAAvAAAALAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5KVdhjFD9zliD:XPdwjB
Threatray 5'100 similar samples on MalwareBazaar
TLSH 8BB37C07EE498553C1888FB92D139E7A7F1CA4490C005FEF62397E9AED316836D9B21D
Reporter abuse_ch
Tags:exe GuLoader HostGator


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.168.15
From: Michelle-Lina (Ms) <michelle@xinyiglass.com>
Subject: XINYI ENERGY New inquire-E+S-20200603 and accessories
Attachment: inquire-E+S2_xlsx.gz (contains "inquire-E+S2_xlsx.exe")

GuLoader payload URL:
https://djmixers.co/kali_eJAiaBB84.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6472/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:22:10 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zpjdvm4wjzscl4agri45n4k53btqrqn5bemrf2jctqmebz26y4gq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
93d64ba68ed0dc9c138a80d867806691f14c10c3a98522c7fbe1a442b3f50f1a
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
GuLoader
ebe7e1de6e345ed9445e0d8a11241d13cb92a7df15fc5f05a6c5d6bbf9d3244b
GuLoader
+ 5'090 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bh7644b4ms/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 91079edb69a32d2edfb8edc9650407ef699105628637413cf0a9c93f52809f8b

GuLoader

Executable exe cbd23ab3964e6425f0068a39d6f15dd86708c1bd091912e9229c1840e75ec70d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376013/
  
Dropped by
MD5 f414bde3059825e9faaa3a668e66329e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 91079edb69a32d2edfb8edc9650407ef699105628637413cf0a9c93f52809f8b
Cape
Cape
https://www.capesandbox.com/analysis/6472/

Comments