MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01f0b05574fcb3c10aa17fcbc2543497c2b7a6747e06e34e5e30070a2ce51bdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
GuLoader

Vendor detections: 4

SHA256 hash: 01f0b05574fcb3c10aa17fcbc2543497c2b7a6747e06e34e5e30070a2ce51bdb
SHA3-384 hash: 2ab2261e62f2ab4d256fd723f5f8c714c0b397a87c5256c02f5c9f415df2312040bc581ec2b5d3bf939416b947df2bb5
SHA1 hash: d1d9fe1501319ed353b78b342fbc4bd5cf7bf5d0
MD5 hash: 65c1819234d19dd3c3f56ec11dcdc573
humanhash: video-colorado-king-jig
File name: RFQ 6804 RCRMPR-05012-20.pif
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-12 15:52:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 97301595df3493ac50308f24ec6929b8 (1 x GuLoader)
ssdeep: 768:Lg/d2FZwpT8S9h8vUQKC7Qn++joHfB2h3SkRI46o4Y5Hm:LTFZwpT8Sr8vpKCIhjO2/I4EYg
Threatray: 174 similar samples on MalwareBazaar
TLSH: C3933B52BAE0E522D736CEB11E659B95215BFC701A45CE03A4E03F6D6B36B02F63131B
Reporter: abuse_ch
Tags: GuLoader pif


abuse_ch
Malspam distributing GuLoader:

HELO: imailtoolsbulk.top
Sending IP: 117.50.3.249
From: Juzer Chaklasi <sales@imailtoolsbulk.top>
Subject: RFQ RCRMPR-05012-20
Attachment: RFQ 6804 RCRMPR-05012-20.pif

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-12 03:56:07 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Executable exe 01f0b05574fcb3c10aa17fcbc2543497c2b7a6747e06e34e5e30070a2ce51bdb (this sample)

Delivery method: Distributed via e-mail attachment

Comments