MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5f509cbd11ce2cca22d0f3a50468a9403e63ec9b1542eabbb1d265ae4d6b453. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: f5f509cbd11ce2cca22d0f3a50468a9403e63ec9b1542eabbb1d265ae4d6b453
SHA3-384 hash: d56f06ad7b2b96abe8fbd7c3ece42c9de1d58e691e9a4cd641b101e48402af2a91f2e1c065177d433efa15ab8e9cf430
SHA1 hash: e5335a2302b8f6e8a7065e1760fdec11e146b2d0
MD5 hash: c770217949542a8e4e1ec35167a297cb
humanhash: carolina-potato-king-avocado
File name: ORDER-A01KS06499L.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-12 16:20:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 60e6ca9e14035519cd34fbe399270f47 (1 x GuLoader)
ssdeep: 768:1PYG1Px8QOhp2DOWpIjcul18c2ytHu8C0fwTCoj1qa8r6/HUN:y+PuQOhp2uco+9ytCaoBqas
Threatray: 5'452 similar samples on MalwareBazaar
TLSH: A0935B46B6D2C526D39A8EF15BADA354082BFD7419228C0374C13B2DBA36F53E52472F
Reporter: abuse_ch
Tags: exe geo GuLoader KOR


abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm36.hanmail.net
Sending IP: 203.133.180.224
From: 주식회사 애드앤 <addmaker@hanmail.net>
Subject: FW: PO2005000097
Attachment: ORDER-A01KS06499L.IMG (contains "ORDER-A01KS06499L.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-12 11:11:45 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

MD5 7cbaee697fe6f24e2679fb72599748b9
GuLoader
Executable exe f5f509cbd11ce2cca22d0f3a50468a9403e63ec9b1542eabbb1d265ae4d6b453 (this sample)

Dropped by: MD5 7cbaee697fe6f24e2679fb72599748b9
Delivery method: Distributed via e-mail attachment

Comments