MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04f9b7ca41ecf60e77f0a4a2c38a644c02b913b6958e0c22c0fe2773dbf7acbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04f9b7ca41ecf60e77f0a4a2c38a644c02b913b6958e0c22c0fe2773dbf7acbb
SHA3-384 hash: 2bd5cd7df5651cbe73d39db3e942f7cce691ced1d86c2787ec957a08989722e0ab3dda00fda53c4735231ad751a130eb
SHA1 hash: 91061cef68e42eff907b08bf3687c4d2f8b32a79
MD5 hash: b8dffc3a08ef1fcb02e36aa85c9c0f09
humanhash: stream-timing-comet-fruit
File name:WT_purchase_order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:18:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 51d06049973151d151da9ac7198eb480 (1 x GuLoader)
ssdeep 768:SqTtvu8ixS4G2c8LLGEeAIyeHiBlA/y6WEuIf0l7XLHt:88ixSf2LGEeAIyblOWhP5
Threatray 5'100 similar samples on MalwareBazaar
TLSH A0933A8776F4E23BD205CDB22F65AB98146BBC7019058903F9C03A2D1736B5AE93572F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 비 엘 두 주 식 회 사 <kidsnuri0055@daum.net>
Subject: 견적용입니다 긴급\x0a으로 견적만 주세요
Attachment: file.IMG (contains "WT_purchase_order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45781.7162.31224.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:15:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=at43pssb5t3a457qusrmhctejqblse5wswhayiwa7ytxhw7xvs5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720
GuLoader
9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'090 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y3aw5fe7vs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 65446f37d51ec678a67d994250fdbe6253de6dead6bb2b1d8d101f212fbb73ad

GuLoader

Executable exe 04f9b7ca41ecf60e77f0a4a2c38a644c02b913b6958e0c22c0fe2773dbf7acbb

(this sample)

  
Dropped by
MD5 47564c62e597361d33d77a011fbd7459
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 65446f37d51ec678a67d994250fdbe6253de6dead6bb2b1d8d101f212fbb73ad

Comments