MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5



SHA256 hash: ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552
SHA3-384 hash: 56ac830fe50442bf1c90dd9c858fe23bcc54f587af21f8e9dc9a6b4cc19681b114b7cc8ed545d77bd927b83bb06e513b
SHA1 hash: 7765cfc9f2db46690167113e01b498219401d2e1
MD5 hash: 5484fdf0fb3f9b032d2ab493c7ac7283
humanhash: paris-freddie-hydrogen-georgia
File name: 5484fdf0fb3f9b032d2ab493c7ac7283.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-06-05 13:40:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3c02d8e5dd5f628bf90e285220bc8028 (1 x GuLoader)
ssdeep: 1536:ZxDDrdLtwzY/uWK1cwDwvARJKznbASJ8EKc:ZZrdhUY/i1BEYKz/f
Threatray: 5'864 similar samples on MalwareBazaar
TLSH: B2838D03BD18CA52D04545B52ED39A991F2BBD284802AE9F7504AFCFFCB179368D921F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://pars-science.ir/colinx_hYnafiCIIe228.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 07:47:49 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552 (this sample)

Delivery method: Distributed via e-mail attachment

Comments