MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007
SHA3-384 hash: 3a34c6fa10c40aa3aa70fbc9b161dfde844c306fa9b8b18cd3729104adfa467de11c290f70ea5f3869ce552030b81808
SHA1 hash: 0e2593344939ae08694739b9d5d0e3f8577020ff
MD5 hash: 167c45478ee28c5d363f28f1347fa740
humanhash: vermont-hamper-enemy-white
File name:Doc_Uzkimyo_6799262892722.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b71b4019f125fb929f3bceb4e70f920 (1 x GuLoader)
ssdeep 1536:BXpSPfxV40lKzmImjdA0kgrKHxLdGKc+o0FDHdZ1gIe92TbnccLTkw7:WPXlKMjdpKVdhjFD9zXx7
Threatray 921 similar samples on MalwareBazaar
TLSH 03B37C17FD888553D0544BBD3D578E79361CE91C48005BEFA475ADABEE322822CAB21F
Reporter abuse_ch
Tags:exe GuLoader Yahoo


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sonic305-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.133.42
From: Lynn Fletcher <lynn.fletcher60@yahoo.com>
Reply-To: Lynn Fletcher <lynn.fletcher60@yahoo.com>
Subject: Commercial Offer
Attachment: Doc_Uzkimyo_6799262892722.tbz2 (contains "Doc_Uzkimyo_6799262892722.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%21148&authkey=ALbZVqbBkAuT0m0

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6451/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:59 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bsyalg5phgb5xgcx5jy6np7quvzmikzlvxiax77hr7y735vbyadq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
16ea5dc52c94b89cae902c89ca1e1d5572268b83014fe2d8175061f654295ba2
GuLoader
4b1798ea1212bd8c50d111f5124660ca4c7288a1c11129aece16c279a11ab3b3
GuLoader
81da3c108aefe11adace6bc0241351dd8c0afeb567801f323a2f4b4acc00c61f
GuLoader
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
f78f5eeea8bfec17ed985d71b265dd5be1bb90f781004a6a473e2e116abe144e
GuLoader
+ 911 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-p9dfqfjbl2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ef9bf5e393b4d40777e4172a4717202b2a2dba535f8e0bc200f5b326b44dabfd

GuLoader

Executable exe 0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378978/
  
Dropped by
MD5 e156b49f154f3afeecf0bb1b47bbcefc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef9bf5e393b4d40777e4172a4717202b2a2dba535f8e0bc200f5b326b44dabfd
Cape
Cape
https://www.capesandbox.com/analysis/6451/

Comments