MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e
SHA3-384 hash: 484ff3fd1e005b94037f342c9adf9e1fb8fe45799bfd2f4f1f695df5af2ab4ea0d565ca82e1e89b62da08d91e69fc444
SHA1 hash: 055da4fd5cc76e994b65288fd059f52257fc4a33
MD5 hash: 9a6551741830303765b3d94df6c5404b
humanhash: oklahoma-golf-two-glucose
File name:REVISION OF INITIAL QUOTATION.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:25:52 UTC
Last seen:2020-05-26 08:15:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 40379fa6f131dd3517dbf4472f96affa (1 x GuLoader)
ssdeep 1536:vqW/N4JnA8tOzLd9bNYHw7Y3FDuFFSPdltfH:z/Nr8tOTNYke8LAdlJ
Threatray 733 similar samples on MalwareBazaar
TLSH DCB3D712B1DC9DB2EF741FB28C7596944D36BDA168020B0770DC7A0F693B98A2DF1329
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: megatech.com
Sending IP: 156.96.62.50
From: Purchase Manager<info@megatech.com >
Reply-To: Sophiaxu01@gmail.com
Subject: REVISION OF INITIAL QUOTATION
Attachment: REVISION OF INITIAL QUOTATION.zip (contains "REVISION OF INITIAL QUOTATION.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/wp-includes/IXR/legacy_bJhKCdoEqV203.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5613/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33903782.30782.24875.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 01:14:54 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0eecb6cf7b7bdd0f9b278d0b6341764ac7145e443fd0fe37dcbb222fe088609b
GuLoader
2eb11af6d3282bc293586d723b4f411157975c6a7464bc7fecb0f11a2c8951bd
GuLoader
305a2d609d4d34967a53c2f44b9c48acd3e683ac3be396bdb359ba0398da7a75
GuLoader
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439
GuLoader
b0240d2ab275a142c3ba13632ebb00fd6cba189613ca85e4d800eb640ef0cd9f
GuLoader
bda7bbc040614aea40e36657bd8f2b28145fa7572e2810455288ad21c95fae14
GuLoader
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
GuLoader
eddacc373c3a12d02cfb1398299eaa3bbb815e090eb8640883dbc67adcd23a80
GuLoader
+ 723 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-e45rr8wy6x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 901006673b6b9803a6bd126224b8abf22e9253860dddcde4b117dddd2caf2e32

GuLoader

Executable exe 0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368658/
  
Dropped by
MD5 dae934b0a4116387191ae4faab1d2411
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 901006673b6b9803a6bd126224b8abf22e9253860dddcde4b117dddd2caf2e32
Cape
Cape
https://www.capesandbox.com/analysis/5613/

Comments