MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eddacc373c3a12d02cfb1398299eaa3bbb815e090eb8640883dbc67adcd23a80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eddacc373c3a12d02cfb1398299eaa3bbb815e090eb8640883dbc67adcd23a80
SHA3-384 hash: 08e8813e8b80cd09495402f2ea19dfcc44e07e2b078e76dae86b83e9f0b99f0760d4941a96e443c6c837e4255702af5b
SHA1 hash: 52705c23bafa38b78a312f564b567a672183247b
MD5 hash: 12617d70430492917fa4b92a2441093e
humanhash: arizona-lion-quiet-friend
File name:bank details.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:37:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d095082a4d200321bb77300786d203d3 (2 x GuLoader)
ssdeep 3072:ZMU9/biGqkmylB4F/sUSaQfLlAtAllou:EVSAtAllo
Threatray 744 similar samples on MalwareBazaar
TLSH CEB3F61BBEC59CB2DD358FB10D325AA51C37BCA5AC205F076246B71D273728B3AE1219
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: thealtitudestore.com
Sending IP: 199.43.204.176
From: Angel Frco. Ruiz <veges@thealtitudestore.com>
Subject: Re: Confirm account details for payment
Attachment: bank details.arj (contains "bank details.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1MN7gXpYwUQZxDVOyHBkQ7Rw-LCB0M3VW

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5074/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:37:22 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06750ac0faac65082e722d5d7e8ccad6d9ceb5cd74faf3a9dca25be553e756e7
GuLoader
0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e
GuLoader
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
6523cec93d68e38809ee7a9da3121fd5e535d2755828f668aa507a0b0d18b1e4
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d98c94265a32705781c3702b0c93298fe71325cc0d3b8ee5b59a469b412e5263
GuLoader
f651bb92be806b5ee11a774bdf86227ccf8b720d0d15f31d542d3d992aa064a8
GuLoader
+ 734 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-txavvdlz6n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 00cd51fb0185d85cdff4ebaf131c2985246862e35236fa2ccb5d35b8ddb5f484

GuLoader

Executable exe eddacc373c3a12d02cfb1398299eaa3bbb815e090eb8640883dbc67adcd23a80

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369977/
  
Dropped by
MD5 71212239343b1eee9a3285333342a39f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 00cd51fb0185d85cdff4ebaf131c2985246862e35236fa2ccb5d35b8ddb5f484
Cape
Cape
https://www.capesandbox.com/analysis/5074/

Comments