MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
SHA3-384 hash: ae65fe9a9785ad1ba34ecd539e458ee2e0a7488412c392a44557f99edfd99dffda3205d50c838312c2cb1f673b3ef493
SHA1 hash: 900e875c451cc682500269dc0a2c3bcc95e5e607
MD5 hash: e86db1d0255a77fd9587658094d37cec
humanhash: whiskey-massachusetts-west-vegan
File name: PO.exe
Signature: GuLoader
File size: 192'512 bytes
First seen: 2020-05-28 13:17:14 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c43fbb9752123c5694ab7b6601f1a8bd (1 x GuLoader)
ssdeep: 1536:AAp1BIxxNk59hCv6CV59JjhAI2/EZjN06BpvOLHXv74Hai0nbPQCEmiLYFY:JLcjW9gv6i3phNDZjPS3z4wnRY
Threatray: 5'107 similar samples on MalwareBazaar
TLSH: 9A144B35B296CC7AE94044B4E8D1C8F45DA1BC11C9138A2B72C17F6E717A183BD2A77B
Reporter: abuse_ch
Tags: exe GuLoader
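As an added example (not code from MalwareBazaar or abuse.ch): the script below computes the four digests listed in the record above for a local file and reports whether the file is this sample, so a downloaded or intercepted PO.exe can be checked against the entry before it is handled further. The file path passed to verify_file() is an assumption, and every byte string used for self-checking is constructed; none of it is the real sample.

```python
"""Verify a local file against the hash record of this MalwareBazaar entry.

Added example, not MalwareBazaar or abuse.ch code. The path handed to
verify_file() is an assumption; all in-memory test bytes are constructed.
"""
import hashlib
from typing import Dict, List

# Hash record copied from this entry (file name PO.exe, signature GuLoader).
GULOADER_PO_EXE: Dict[str, str] = {
    "sha256": "2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47",
    "sha3_384": "ae65fe9a9785ad1ba34ecd539e458ee2e0a7488412c392a44557f99edfd99dffda3205d50c838312c2cb1f673b3ef493",
    "sha1": "900e875c451cc682500269dc0a2c3bcc95e5e607",
    "md5": "e86db1d0255a77fd9587658094d37cec",
}

# The four digests the entry lists, mapped to their hashlib constructors.
ALGORITHMS = {
    "sha256": hashlib.sha256,
    "sha3_384": hashlib.sha3_384,
    "sha1": hashlib.sha1,
    "md5": hashlib.md5,
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory blob under all four algorithms."""
    return {name: ctor(data).hexdigest() for name, ctor in ALGORITHMS.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hash objects in one read pass (bounded memory)."""
    hashers = {name: ctor() for name, ctor in ALGORITHMS.items()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(digests: Dict[str, str], record: Dict[str, str]) -> List[str]:
    """Names of algorithms whose digest differs from the record (hex compared case-insensitively).

    Only algorithms present in both the record and the computed digests are
    compared; a record field we did not compute (e.g. tlsh) is skipped, not failed.
    """
    return [
        name
        for name, expected in record.items()
        if name in digests and digests[name].lower() != expected.lower()
    ]


def verdict(digests: Dict[str, str], record: Dict[str, str]) -> str:
    """'match' when every compared digest agrees, otherwise 'mismatch'.

    A partial agreement (say MD5 matches but SHA256 does not) is still a
    mismatch: SHA256 is the identifier MalwareBazaar keys on, while MD5 and
    SHA1 are listed only for cross-referencing older reports.
    """
    return "match" if not mismatches(digests, record) else "mismatch"


def verify_file(path: str, record: Dict[str, str] = GULOADER_PO_EXE) -> str:
    """Hash a local file and say whether it is the sample this record describes."""
    return verdict(hash_file(path), record)


if __name__ == "__main__":
    import sys
    # Usage (path is an assumption): python verify_sample.py /path/to/PO.exe
    for p in sys.argv[1:]:
        d = hash_file(p)
        print(p, verdict(d, GULOADER_PO_EXE), d["sha256"],
              "mismatched:", mismatches(d, GULOADER_PO_EXE))
```

The remaining identifiers in the record (imphash, ssdeep, TLSH) are not in hashlib; they need pefile, the ssdeep binding and py-tlsh respectively, and unlike the cryptographic digests they are similarity hashes, so an exact string compare is the wrong test for them.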


abuse_ch
Malspam distributing GuLoader:

HELO: 134-0-117-239.ovz.vps.regruhosting.ru
Sending IP: 134.0.117.239
From: Rafal Gasior <dsm.mahmudul@athaque.com>
Subject: Orden de compra 2003161-0 #NUEVO STOCK
Attachment: PO.rar (contains "PO.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Luq-19sOnMgZ8ZZ2Jq05a8M8oOBPwKj-

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 13:37:25 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx (message hooking, commonly used for key logging or hook-based injection)
Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger thread-information class, an anti-debugging technique)

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malware family: GuLoader
Delivery method: Malspam (distributed via e-mail attachment)
Sample: Executable exe 2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47 (this sample)