MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cec2f9996977f945ffbdd5624170b6e1daa151aaab1e5d9aea7a5566f5197dde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cec2f9996977f945ffbdd5624170b6e1daa151aaab1e5d9aea7a5566f5197dde
SHA3-384 hash: aa87b86a403b93091f92d8a7cc851adfda9db984770157496c0a416f362db91e11a1b78d6d7922f9eb57635f174492f9
SHA1 hash: 2f183973ca6488402167be8992fa5a6eb683e14a
MD5 hash: 254b39dfc2a6a7f1d942a9cbf3248422
humanhash: solar-moon-west-vermont
File name:IMG_Proceq Special Offer.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:01:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01fc635fbb2e028ab7d2454d3e9beb81 (1 x GuLoader)
ssdeep 1536:cSPfxV400kValWkgrKHxLdGKc+o0FDHdZ1gIOZY/SW0snEfHxD4Js:dPX0kVe4KVdhjFD9z6OS/
Threatray 5'107 similar samples on MalwareBazaar
TLSH 0EB38C07EC5C8A53D1448BBC3D178DB93A1DA91949401FEF707A6D9BBD312922CAB21F
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ftco.sa.com
Sending IP: 193.142.58.27
From: mahrnoud@ftco.sa.com
Reply-To: mahrnoud@ftco.sa.com <wiz2018@bk.ru>
Subject: Proceq - Limited Time Offer
Attachment: IMG_Proceq Special Offer.rar (contains "IMG_Proceq Special Offer.com")

GuLoader payload URL:
https://tehrimfatimaassociates.com/wizzybin_hngHKTPpU108.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6445/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:56 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3bptgljo74ul7552vrec4fw4hnkcunkvmpf3gxkpjkwn5izpxpa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
41e1b66a7d9ba85d2edb67eb3adf1ba8dd251ded73925d82f98bfdda5b34511b
GuLoader
516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440
GuLoader
51ba9fa1830056b815cc4203b57ee4f46b26a5f7dd7f6a01066c94fb88bf8f01
GuLoader
792ee40918c1cb2ebf202212c5f5bf3f1c945f18e60a93ebca0cd3a9f6bc77cf
GuLoader
88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571
GuLoader
9aad58f1d569335bb140604794a5b3e2f02fd44ebbfc16e86b795b93f460e98c
GuLoader
a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133
GuLoader
ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22
GuLoader
dea5303370177b621cdd1fd497396ddaa9e94d3edd1407339f52f0dc85a67046
GuLoader
ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552
GuLoader
+ 5'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-62trvmd6c2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar bcf627e39ea9e1b785f74082d7a2029687d1c16e148d34b41ae6f610326bd882

GuLoader

Executable exe cec2f9996977f945ffbdd5624170b6e1daa151aaab1e5d9aea7a5566f5197dde

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378971/
  
Dropped by
MD5 92b344334e791716c29f5be83fceda88
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bcf627e39ea9e1b785f74082d7a2029687d1c16e148d34b41ae6f610326bd882
Cape
Cape
https://www.capesandbox.com/analysis/6445/

Comments