MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4

SHA256 hash: ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
SHA3-384 hash: 3a0a21772dce66ebbdfa56626171281c753111786c78e30023fd38a1333d4c6056c7020d2a3f457fb569b5a85a4cfbc9
SHA1 hash: 85eb6903f976995b8784aed980feedbffc3dcf95
MD5 hash: ac984f81e4eae082c0d424a44a557e56
humanhash: blossom-washington-india-missouri
File name: Details (4).exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-05 13:41:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 57e024ba36de67d7e210b085db5d9b76 (1 x GuLoader)
ssdeep: 1536:iGLvDrdLtwUFFFLCTYPwDwvRN9W7RhnIZUQV/GlorN:iGrdhphLmEr9ohnarh
Threatray: 6'216 similar samples on MalwareBazaar
TLSH: C2739E03BC0CD651D1594AB42E13DDA91F276D1849829E0B7518AF8FFCB53DB2CA622F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.northern-safe.com
Sending IP: 45.95.169.178
From: Nicole Gapes<info@northern-safe.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Property Purchase & Leasing
Attachment: Details4.img (contains "Details (4).exe")

GuLoader payload URL:
https://rainbowisp.info/dot/js/piro.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 08:46:10 UTC
AV detection: 22 of 30 (73.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
    Suspicious use of SetWindowsHookEx
    Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

This sample: Executable exe, SHA256 ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171 (GuLoader)
Dropped by: MD5 a144cdfc7b8d1470c4222381ad0d0dc2
Delivery method: Distributed via e-mail attachment