MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090
SHA3-384 hash: 3d7d67f7be91eb178b0a734c1479fed3e869b343469b67c74951e843824f95bab5e016794e46e2b6960680fe546ab294
SHA1 hash: 213c4bfbfc471c774bff3aa73f1d5f990edad31a
MD5 hash: a9c2cb85163a1bb3d7129d678efcf989
humanhash: neptune-emma-princess-maryland
File name:facturas.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-22 09:56:11 UTC
Last seen:2020-05-22 10:51:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e92406c3971179f76b29d7e2087702c (1 x GuLoader)
ssdeep 768:pEp4abrBBlJT8x8XF3XmBL8OQqyyUWdqzfnSlGjlQ/ESfuPoyJuPjpUswPv5ajqs:a15TGmCyy8XQuPohLpUzHTizlIIV
Threatray 138 similar samples on MalwareBazaar
TLSH 35935B18F948DCA9E8084DB1C9E446AA14BFFC327DA44B1F38C97E7C39739812D66346
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hosting-a01.descom.es
Sending IP: 54.194.66.61
From: Cristina Garfagnoli <cgarfagnoli@duran.com.ar>
Subject: verifique las facturas
Attachment: facturas.PDF.ace (contains "facturas.PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KPWTH-gVU9tAW-5ixHEH5k9GQKEgef9J

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.878098.14457.17406.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 10:37:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1863d7653d364f73e1690e3e6ac086b070db17f588ca38db0111b58ad5fccbdf
GuLoader
1dccde0289f175d1d41140302e71242ae0ea250bdc580767256da69f7cb319ff
GuLoader
23f8a240f24779895ffce4e489da04e8cc2c705b2311e13a44432a6ef1b1b430
GuLoader
2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c
GuLoader
327a0fccc9299609a7553d5a29b26753cfe7e84cb2bcd1dd8625a5d72241a8ba
GuLoader
446edf48a9da4c88fc12dd56029813fb80b6348cc3882453812093b43d124e22
GuLoader
6a5303bb0ea9067e348cb7bee1db4740682b5a3e37822d09d9b80783f64a5569
GuLoader
83c07662096e054ff35d85892e828e2f4127015e0d940e88c3c0cf30ac655bc7
GuLoader
d5132d40838a12d557fdcea3492cbe6775330dc7298bb806b076011816fe1f36
GuLoader
fe0e6e3be607ade9869e9d5a06c87f2485aaf35a29691f74354d7e6a386e711a
GuLoader
+ 128 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xcbfjcpry6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4

GuLoader

Executable exe fc6e4e6dae2a913cbaf3d495ab6508f01660f1cd6a1b20a84105776c8f65a090

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366461/
  
Dropped by
MD5 3eb7bda3bbc459a296730d66504b5147
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 988a37fbce9f6bbe0c3fd0de3e54f91e43b4d08f348e8be415c5ffbe962d94d4

Comments