MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 248ba6c5364fce23c229d458ec8ad46acf075e11eaf81baa4f44b2b9acc3b88d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 248ba6c5364fce23c229d458ec8ad46acf075e11eaf81baa4f44b2b9acc3b88d
SHA3-384 hash: f598cb0845c415bb5df7cc9691ade9f44e2b5ad45a6fcf1727e8403e4b3f798d02eeeddd2aa79599a6a2763d8d2097e8
SHA1 hash: 0c56543adce671f62de2a1ed97f9139523ceaf15
MD5 hash: ef8d532cfef958d876fa14189d6ae9d8
humanhash: hamper-salami-ceiling-harry
File name:046COMGIRO118087 4680000.pdf_______________6744646.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 11:53:24 UTC
Last seen:2020-06-09 12:48:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ebb53be60ad025bd59623ba8eab0830a (1 x GuLoader)
ssdeep 768:b8V1GMjJvbviBpSEi8B0t0cceeo9/+sLNGFbjXRqe+yVnPN4zOJrPjxqp2hR:b21G0KSX8B0t0cv/NObZlnPCzOJEp2h
Threatray 733 similar samples on MalwareBazaar
TLSH DE73D617BD299D2BC1B52FF06826649613052C14BB203A6B5A9CFF7CB7B04E23D97706
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1XiCrsA6A5iu3J0wNhKbo-PJawDWL1m5i

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7297/
Detection(s):
SecuriteInfo.com.CLASSIC.18996.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 11:55:05 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=esf2nrjwj7hchqrj2rmozcwunlhqoxqr5l4bxkspiszltlgdxcgq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
2a058410467d9a9aca36e588d9e3a0436b90b949c352f05ace83aa244e2567a2
GuLoader
7a31d09cfe9943fd971a89ab3e411ba085d3cb57bf27b0a8d1a591e4be6f9102
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
e8f205cb55b6e064b6252572493b15776b339d9118f182d220731077629e8bbf
GuLoader
e97c8416fc63162b69167c2b4f51f82ae6aacc8e4276b76ca5b775ba2ec437ea
GuLoader
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
GuLoader
+ 723 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-rkz8x9lpfj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 248ba6c5364fce23c229d458ec8ad46acf075e11eaf81baa4f44b2b9acc3b88d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384563/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7297/

Comments