MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01cbd7ffa69b802c48571c9643d525c525493463b592a79336ee6757e9d54aa2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01cbd7ffa69b802c48571c9643d525c525493463b592a79336ee6757e9d54aa2
SHA3-384 hash: b282b9d7b5aa8cfcc49c1fd86e71bed337adceaf964d4f358ab68b968a4e93b70efb44b90a08b15a80ebf92549927610
SHA1 hash: 305204d80bbff81b558a14187085cf02d81bdb26
MD5 hash: af9fd9f57d7861b408f7cb322ac94400
humanhash: kitten-twenty-cola-eighteen
File name:payment inv.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 14:48:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 859a748b7d5e3f6dc0e299f0f2462459 (1 x GuLoader)
ssdeep 768:Uwu1aL3mNtlrHBOjIHzHKkIlp/He1sHJ/ZTHi6Jbfwa+oT6QOqBvK2rwrso2:XuRtSmzqkIr2sHJ/ZriaTwbTqFK28D
Threatray 5'101 similar samples on MalwareBazaar
TLSH 6C83AE237854C18BF0550BB12CB2DAF43F26BC291941AF8B5155BF5BE872B026CA772D
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: wrqvztfd.outbound-mail.sendgrid.net
Sending IP: 149.72.231.253
From: Sener, Mesut <aalbert@svoco.com>
Reply-To: Sener, Mesut <Mest.Sener@irco.com>
Subject: RE: Invoice Overdue & SOA
Attachment: payment inv.img (contains "payment inv.scr")

GuLoader payload URL:
https://ny.libconsult.ca/binazadi_PDqgcY243.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7075/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:50:06 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ahf5p75gtoacyscxdslehvjfyususnddwwjkpezw5ztvp2ovjkra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2ffbb987622b48ac9e1b3a53291f9af5a3949ba14019d43756a8219f66af0a86
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
8606768cb758ba8379659f65220250ebc1c491dabd668e7f98663571419cadf2
GuLoader
9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
GuLoader
9aad58f1d569335bb140604794a5b3e2f02fd44ebbfc16e86b795b93f460e98c
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
b9cd83c667b694ec10f884183b138beeb0f986a7d3c50af463535852f2fa0663
GuLoader
+ 5'091 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ajtzqclnxn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img b9ea21f1e4ddb75d0fce2cd9002e342ae0cde92051fdcc1e16a6d87ad62379df

GuLoader

Executable exe 01cbd7ffa69b802c48571c9643d525c525493463b592a79336ee6757e9d54aa2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383218/
  
Dropped by
MD5 c58a025df4e8af0c08d9ce313948d160
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b9ea21f1e4ddb75d0fce2cd9002e342ae0cde92051fdcc1e16a6d87ad62379df
Cape
Cape
https://www.capesandbox.com/analysis/7075/

Comments