MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fcd1b468fe2159ca2ca63eaa81655f59ff8f63e3bbd6d7dd789807f7776e0bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fcd1b468fe2159ca2ca63eaa81655f59ff8f63e3bbd6d7dd789807f7776e0bb
SHA3-384 hash: 6b74ae9371b79cbfc3ad60acb59562408cd249c04bf40e318162d3ed7e56c5a64feaa8eed113b8a5ed9398352c2308bf
SHA1 hash: 416768279b193d62c7dcda480fdfffbf4fb333f3
MD5 hash: dca9db52c39b48365f1d82a9358efb59
humanhash: lithium-zulu-echo-xray
File name:Request-for-Quote-PO-8120475-May-Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:19:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ddd91f087bbdb044f9b93b674a540ee3 (1 x GuLoader)
ssdeep 768:A4yzn/izZ67T+5KRSArKYPC1ghfEMHfp65M2eXmEu8P0pM3HHF:iqzEPElKhfE75QmhSF
Threatray 124 similar samples on MalwareBazaar
TLSH 5A934B4675E0D122E2198EB11F7BA798199BFCB819098A0333D03F1F6676E06E92171F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm38.hanmail.net
Sending IP: 203.133.180.226
From: 김주훈입니다 <yjn5750@hanmail.net>
Subject: 견적 요청
Attachment: Request-for-Quote-PO-8120475-May-Order.img (contains "Request-for-Quote-PO-8120475-May-Order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45738.29652.32752.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 10:09:38 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b7grwrup4ikzziwkmpvkqfsv6wp7r5r6ho6w27oxrgah653w4c5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3ec48308cb3200731f34d1424d1724b17c1fb8b93af66b1597f7556ad335f5dd
GuLoader
53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6
GuLoader
720004239ef0cb716b2f0d8793cfe7fb06d408cd5c598a6c726aab7f21c0bad0
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
87fdcca436e0e9e220acb51332720668c04460d48d1791368e734c1539bd1f77
GuLoader
9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c22798f361a044104ff74ee848901f492c204cc185bcd865598677ddd62021b2
GuLoader
d98c94265a32705781c3702b0c93298fe71325cc0d3b8ee5b59a469b412e5263
GuLoader
f8707020bc0b78ae0fab3bd9794993c4cae406d9f13fcb6098f3321cb6bba515
GuLoader
+ 114 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-29rgsccj7e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

e3b76dbd82f1ce429566ae509cd064b2

GuLoader

Executable exe 0fcd1b468fe2159ca2ca63eaa81655f59ff8f63e3bbd6d7dd789807f7776e0bb

(this sample)

  
Dropped by
MD5 e3b76dbd82f1ce429566ae509cd064b2
  
Delivery method
Distributed via e-mail attachment

Comments