MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c637176e4fd852b1b21eecdc9551ea08f4a0e42d265a22cab1cc4af8609e841. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c637176e4fd852b1b21eecdc9551ea08f4a0e42d265a22cab1cc4af8609e841
SHA3-384 hash: 8aa344ec319f885fcd19b0cf146973d8fccc745609d1e8079d4325374abf061659dc77bc8319a6db662a9355d8d28602
SHA1 hash: eb4a3ccbc8ae16479526f10b014c5552493c77b6
MD5 hash: 4435dfbedb0b7ceb0c0bf5036b472215
humanhash: south-eight-pizza-wyoming
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 10:47:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 716739416d9336d09b0fb1d705a5950a (1 x GuLoader)
ssdeep 1536:UlSPfxV40hCRJrQD3fkgrKHxLdGKc+o0FDHdZ1gIuPZybzO0M4Lr9j44U:LPXkDEDvKVdhjFD9zcHOJ
Threatray 692 similar samples on MalwareBazaar
TLSH 05B37C03EC898A53D1844BBD3D178DB93A1CB8194D001FEF72796E9BBD316522C9B21E
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yugana.daxa.net
Sending IP: 111.221.42.94
From: UNIPOWER | Logistik | Jakarta <team3@dskusuma.com>
Subject: PT.UNIPOWER PRATAMA- INVOICE 098/I/VI/20- PO.9100326941
Attachment: बंगॠन नॠसा मंदिरी चालान.gz (contains "gunzipped")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin
https://cmdtech.com.vn/AmHome_bhPixbUN54.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6518/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 10:41:01 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=drrxc5xe7wcswgzb53g4svi6uchuudsc2js2elfldtck7bqj5baq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2eafd2db3852f320398ef9bbbab1d291e52e75bba78e3fe21c0fbffe385ba865
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
7c4fd841e891e2be6f0757679701669e927c58aedc94de97104666f0e89f6b04
GuLoader
81da3c108aefe11adace6bc0241351dd8c0afeb567801f323a2f4b4acc00c61f
GuLoader
88c0ef97b6edb3f676523e57ee95a23604efc28ef3a9db916c2123c793b44571
GuLoader
8a92e6115a329e47ab36222d86ea3f58f56b0a58b1010d2da280067346f38b21
GuLoader
f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
GuLoader
f990daf6364d6aeb0a8482a8fdab098b5790f29f2f34dd38ef4a83ac36827fe9
GuLoader
+ 682 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-85k5q9f47s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 363391a6817fc651fc4b7b640a48f0756b48eb7865ea83519be21b431aa1595a

GuLoader

Executable exe 1c637176e4fd852b1b21eecdc9551ea08f4a0e42d265a22cab1cc4af8609e841

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370271/
  
Dropped by
MD5 20cf21d05bf9c06ef4ea105ef5b2b80f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 363391a6817fc651fc4b7b640a48f0756b48eb7865ea83519be21b431aa1595a
Cape
Cape
https://www.capesandbox.com/analysis/6518/

Comments