MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bd1ca91461e6bc1297bec8ebc99e516b55f2cfb3feeb3df2ccb6f0376afce57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1bd1ca91461e6bc1297bec8ebc99e516b55f2cfb3feeb3df2ccb6f0376afce57
SHA3-384 hash: 7e0bf5757d8273eec95f7e608c70456a23321518deb5e9aabdadd3e0868b77acf132d83090007fe425a208eff5643258
SHA1 hash: 16f98f365383d24540a5fa0c4fe8e6eeb248410c
MD5 hash: a97d82c0d5c9272c0772dd4b8553c259
humanhash: india-undress-magnesium-snake
File name:Swift Copy.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:48:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3fadd523181bb6678f7ee08fd8d9c7ac (1 x GuLoader)
ssdeep 768:Ako2JU3B6RuUtgXfVYd/XkXjr+TKFi8HEtHhEkm5dSOZY4yEVNqEYaH8:Ax6MUt0eW4KE8EnmzY4w
Threatray 325 similar samples on MalwareBazaar
TLSH 01934B8371D4EA33D2154EB12B26D79416B7FC70496DC95769D03B6E2A3AF03E92031B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: arek.kz
Sending IP: 45.35.196.137
From: Brian Alex<kence_stmes@arek.kz>
Reply-To: <kence_stmes@arek.kz>
Subject: BANK SWIFT COPY
Attachment: Swift Copy.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784785-0
Create hunting rule

Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:55:38 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dpi4vekgdzv4ckl35shlzgpfc22v6lh3h7xlhxzmznxqg5vpzzlq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
178bba892544670c9b347112461fc5443e02bd5a7685c9c29a4218dcf64eb25c
GuLoader
1a9bbebde954b27cbf6006128e1a22bdfa81d4ea853ba99bab4ec3333ea0bb89
GuLoader
2610754a99eb906bc26243eff669ca156c0b0cfb56875fc93ec17a607c95cfb4
GuLoader
514de96ef99941a0c9712622848b687b402b0635a4bb45cf1cee0002fe8cdfcd
GuLoader
57aa81416cfdbd76df2a15cb14810f8529ecab0eea978210a4ef3047f35a225e
GuLoader
8b855b57f8cd532db46946a38f929e5e5d43d7c1c5ea09a5b51c21097143a282
GuLoader
9a8b757fa40f9f6ee20d070db2801a48b9f7129ca385d6b52bb754cc8b72920b
GuLoader
a2c804408646e8c0481d3ba30a49482721857f540ecabc32c1de77cb91860c64
GuLoader
e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b
GuLoader
fb01851fc2be012833865bd37f81fa98f6a27131bb660e5b01c5eedb8070ceab
GuLoader
+ 315 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2hdtgrhmgs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 1bd1ca91461e6bc1297bec8ebc99e516b55f2cfb3feeb3df2ccb6f0376afce57

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments