MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c95f0063259bf9f86bbd26dc6ae04ce2b9efaaf759148685f457ddd25ef0610. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c95f0063259bf9f86bbd26dc6ae04ce2b9efaaf759148685f457ddd25ef0610
SHA3-384 hash: b63a622590d169cb97664d42eb639a2c22ea3654cfc00adb768afbdb1c1032bfac56aec3f760f70ae8623d6803c3151b
SHA1 hash: 66a306bd2c0ec56bb1fa61375c977593b783057a
MD5 hash: 94efa2a6a04b6cdf7e22ec265067df24
humanhash: ceiling-cardinal-ceiling-iowa
File name:Inquiry.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 12:35:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 302a5c5f0d21868858dcb0ddd327277d (1 x GuLoader)
ssdeep 768:bc7KEfq4d4DdewHrnerMktwd5dkXSZ5J91X+0bbYb/CaBdau9ljib66otb:byK94d4xRHreo6XWJ7rbYrxr9lji4t
Threatray 33 similar samples on MalwareBazaar
TLSH 98535D1B2E8CD193F1340B702863DA652667EC2AAD016E073E9C7F6ED6756417CE321E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: srv189.svservers.com
Sending IP: 46.17.41.31
From: Louis Zavod <info@mrgladvogado.com>
Subject: Inquiry - URGENT
Attachment: Inquiry.zip (contains "Inquiry.exe")

GuLoader payload URL:
https://systemsintegrator.cf/bin/fit4.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7542/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIT.3660.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:37:08 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bsk7abrslg7z7bv32jw4nlqezyvz56vpowiuq2c7iv652jppayia._file
Verdict:
malicious
Similar samples:
0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab
GuLoader
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6
GuLoader
5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08
GuLoader
eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72
GuLoader
f6d45dfe2df55a795c38882a4b7505efcf2ba8af52e065973c5522cecd5099da
GuLoader
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6ck6wmbnde/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2a2e7edf00ea392709fc23615056e6faa81235bdc90808c857d3ea934184fe54

GuLoader

Executable exe 0c95f0063259bf9f86bbd26dc6ae04ce2b9efaaf759148685f457ddd25ef0610

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385326/
  
Dropped by
MD5 25a382befd68e445b310aab405bccd1f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2a2e7edf00ea392709fc23615056e6faa81235bdc90808c857d3ea934184fe54
Cape
Cape
https://www.capesandbox.com/analysis/7542/

Comments