MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5
SHA3-384 hash: 1658b717e7f1fdde5ae7d5adf44a35374776fd029134239e17ba112934094eb30c37538337f8f7d2f7b4e60c73d84eb7
SHA1 hash: e7b0b5c5df1b987dd85bcc0d1914f7ed6a62ea3d
MD5 hash: 0458d927556da0b2b86ab2e723eac3bb
humanhash: ceiling-quiet-romeo-cardinal
File name:DOC2002748785588R894IMG.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-04 15:51:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4026f729103b812aae1671acd7a78eea (6 x GuLoader)
ssdeep 1536:Z3iMrgz7zyCsIvGMD1gvvvv0oTBuVxyWXynLJVFrAnjIaP+mLVJebVG/Ud43UQ9a:Zzrg/GSD1gvvvvxBAinLxAnj7PTVJebd
Threatray 1'611 similar samples on MalwareBazaar
TLSH 9B938D519AFABB70CD35CFB11A705128983FAC7038C64E0B49E62D386B7AD89B471753
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: duofil.com
Sending IP: 23.82.189.191
From: Burak Nurlu <burak.nurl@duofil.com>
Subject: RE: ISTANBUL PROJECT-OFFER REQUEST
Attachment: DOC2002748785588R894IMG.img (contains "DOC2002748785588R894IMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8C77CEE60E33A6B1&resid=8C77CEE60E33A6B1%21106&authkey=AF8H8jn801BJNbk

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6561/
Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:32:37 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7jgw4ceheegf7ft5gnezilgyiyjq4xb4ej7fnsyhqlwexqgzx2sq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
122256cada458b72697ddcda3d76cb49671318a2e38e898f7f38aeb6f1a19cab
GuLoader
13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c
GuLoader
2215802f5deb432f07a1aeebb7eeeffdf18cc5a035b0315ea693b08a4dbf942d
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061
GuLoader
803e96c5dc273ebc317b62354c790742fbb9807ee577e52790f293ed8298dde9
GuLoader
85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
GuLoader
893ef71a58da9c450161aa56fddb97cd0e9c377f94a55e1d71a42569ee085de3
GuLoader
b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac
GuLoader
ecab33f5998dc995c200750f575b8571ae2a9d00b8264ed557be2d651230064e
GuLoader
+ 1'601 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fpsc5j5vf6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 9c2a41d63497dc3f05e01d1507e47eb6e05d9cd0501d0b7c41d046933a2ecc10

GuLoader

Executable exe fa4d6e0887210c5f967d3349942cd846130e5c3c227e56cb0782ec4bc0d9bea5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379338/
  
Dropped by
MD5 6e34b2c783ec26c619044a9ba84b8d4f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9c2a41d63497dc3f05e01d1507e47eb6e05d9cd0501d0b7c41d046933a2ecc10
Cape
Cape
https://www.capesandbox.com/analysis/6561/

Comments