MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
SHA3-384 hash: 93b4e2945bb12943540337fd9e4f390777e5d2fc591ffb2891f50ab35607bfc367ec865ae0053fdf7ee6c8ff4d33e691
SHA1 hash: d88287dbedac183593eb5c8756550f9260fc2be8
MD5 hash: 3072fab6756afae7958bcadef5dc5527
humanhash: georgia-crazy-three-johnny
File name:PO06.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c635c70dbcc1ba3a551881dc75a100db (1 x GuLoader)
ssdeep 1536:xYF8SPfxV40V8vSukgrKHxLdGKc+o0FDHdZ1gIlZsGHWgxzX/qDsN:89PX+hKVdhjFD9zx4Md
Threatray 5'094 similar samples on MalwareBazaar
TLSH A4B38C07EC9D8653D1448BBD3D578D793A1CA81849005FEF703A6EAFAD316522CAB21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: pmrelo.com
Sending IP: 103.240.91.86
From: Ravindra <sjrkintluea@gmail.com>
Reply-To: sjrkintluea@gmail.com
Subject: Purchase Order-030620
Attachment: PO06.gz (contains "PO06.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1RdjReVaKNb4YkZ2LFu_S1-l59yE38SpG

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6449/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 02:01:14 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bd6qrles5b7qo7p2o6vvzpsi3tfx77ehzuzyuzcrxccnil5ggbvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b
GuLoader
7fcf92c7dcd71c8dd4d0b073877afb90075305390ccf6e3a50ca598211e0469f
GuLoader
a1520b7826c6a1de6e82b8d24c1667436bb94dac97404959e2c368863a471f6b
GuLoader
b05998bc4d111c80719ab38c75918662f8151fd5e5e223cdc90f0d97caad3b6e
GuLoader
d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba
GuLoader
dea5303370177b621cdd1fd497396ddaa9e94d3edd1407339f52f0dc85a67046
GuLoader
+ 5'084 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hxlz2m2zp2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz df50cd5847c477d0ea650a12f67556c5a0b8b8379458d320986adecf55c663ba

GuLoader

Executable exe 08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378981/
  
Dropped by
MD5 c58b95a2574eca626d75accd46629386
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 df50cd5847c477d0ea650a12f67556c5a0b8b8379458d320986adecf55c663ba
Cape
Cape
https://www.capesandbox.com/analysis/6449/

Comments