MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
SHA3-384 hash: b719de0153a181fe77bcfe95cc7b713e1b325837f757ecba59a81cd8a2676fe9bc9f78c0bd303e8cc8c659a3b947551a
SHA1 hash: 409cf74fc1e70051adb934141b720d0a0bdc3a17
MD5 hash: 6843bcd97170ac6730c0362c33248cc2
humanhash: stream-tennessee-massachusetts-sad
File name:Bank detailsSOA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:30:25 UTC
Last seen:2020-05-28 09:27:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4016932ffd17820f620758f19522f48d (1 x GuLoader)
ssdeep 1536:nDtASR3WvYvRZGNtm35R50xxu/qTiQyUnHa/7ypVrtwOqMpX1s:Dt/EvYpZCtIXqbusivUHa/AS
Threatray 5'283 similar samples on MalwareBazaar
TLSH F6145B32F296DCA6E54488B4D8D2C8F41861BC51D9164E1B77C07F3E32BA183A97773A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: da.databaseapi.live
Sending IP: 45.95.171.161
From: Rafal Gasior Trading <dina@outlook.com>
Reply-To: Rafal Gasior Trading <alphakum4@outlook.com>
Subject: RE: URGENT-Confirm Account Details/SOA Feb-May
Attachment: Bank detailsSOA.zip (contains "Bank detailsSOA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17PcDPr-a36IW9HCThg_icwoV-Rka5uSb

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5822/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.13719.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 04:05:48 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
GuLoader
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
GuLoader
4c23bde9d70af07e072c01489007afa4ba4c3672b168e2846f5c2b74c4a9c84a
GuLoader
5620eaea502dcc3bc31e10dc48478022f518a15956a4b6565c454dd062859eff
GuLoader
5e76ddd6dfa4215c3dbd7269318d15a5e5fae698e65600df0aa3f16639d8fc44
GuLoader
7a760430295f2983742510a35642ce550c0bf4f8f9632f027bbb11de037126b1
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
+ 5'273 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-crkbq7wh6e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2c17e3353229a19a0a5ba794fe3bf4adfbf9fa013173508bc49fa533962d7754

GuLoader

Executable exe 14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370300/
  
Dropped by
MD5 6845251193c0efeb80346b90b1928bfc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2c17e3353229a19a0a5ba794fe3bf4adfbf9fa013173508bc49fa533962d7754
Cape
Cape
https://www.capesandbox.com/analysis/5822/

Comments