MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab
SHA3-384 hash: ec0e439bf484b319067464296623843332fac805ea2c408d1e5721c25f8038f9b962246016438a4f33eafa4dc2b94124
SHA1 hash: 816f98b9348bbbcae33099c91bd3209bbfe16c99
MD5 hash: 4dfa95e5a5769b1fb3a15945d6c38800
humanhash: utah-victor-mike-texas
File name: Outstanding Payment_June_2020_PDF.exe
Signature: GuLoader
File size: 65'536 bytes
First seen: 2020-06-10 11:33:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3aa305c04c0f8a05b7455057f446afb5 (1 x GuLoader)
ssdeep: 1536:bf94d4xRzy1Sktcb7rbmsEQMbU3fiTUSx:h4dLV2Xmh5Vx
Threatray: 861 similar samples on MalwareBazaar
TLSH: FD536C0F7E4DD193D2780BB0583696E11665AC288D02AE073F9DBF5ED9352C1B8E721D
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.carryboy.com
Sending IP: 27.254.141.68
From: prasong@carryboy.com
Subject: RE: (122614) - update payment date
Attachment: Outstanding Payment_June_2020_PDF.rar (contains "Outstanding Payment_June_2020_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1rs0nA7SOO-FmePI2bk0wlxOzus4Rryyh

Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 11:35:05 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab (this sample)

Delivery method: Distributed via e-mail attachment