MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26696d196e986fff9dee1658e3a502745410101d3709ec129be7d100fcd8f526. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26696d196e986fff9dee1658e3a502745410101d3709ec129be7d100fcd8f526
SHA3-384 hash: 2fdebf91b0f06bcdb08b91e94bad77973b9c0f61fb81657fcd9701155259473efa61f79194eff6a04aacebaa29cc7bb7
SHA1 hash: a25c03320d1c1ae68dbd4e55c558fb2efd69d886
MD5 hash: 1ac773f0be912401807146c6e65e4f87
humanhash: high-august-michigan-harry
File name:Heterosipho.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 13:28:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 19c97c1025e3c3c5ba5c80b7d881220d (1 x GuLoader)
ssdeep 1536:UBSPfxV40RHirCDHkgrKHxLdGKc+o0FDHdZ1gIV8ZIFF1hOLAr2Dp:3PXRHVKVdhjFD9zWKNILpV
Threatray 1'007 similar samples on MalwareBazaar
TLSH CDB37C17ED0D8583D0484BBD2D278E793B1CB92D0D015BDF613AAEABED716412CA721E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: dns109225.phdns5.es
Sending IP: 185.68.109.225
From: Ali Hamood Al-Marhubi <cherrysammy101@gmail.com>
Subject: FIND ORDER FROM ALMAHA
Attachment: PO ALMAHAPDF.ARJ (contains "Heterosipho.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1JB6-07Y-2ABgBQDUUS0Ohd85ph1XbBG5

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6318/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:24 UTC
AV detection:
21 of 30 (70.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ezuw2glotbx77hpoczmohjicorkbaea5g4e6yeu347iqb7gy6uta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0724bc0b4abf5e1ae32a9fb01f6a9e18b6d5f086f8b19c3d41cd172fbf57e6bc
GuLoader
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
4408a236c1a945807f223863ff6e940659dadb964e3cd15fffee9f9a0b4f7530
GuLoader
568da887725ccfdc4c5aae3ff66792fe60eca4e0818338f6a8434be66a6fe46d
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
6715e87f7070a2d7b5b2c71e98a7bade689a504aed3b95654af3494248a501d4
GuLoader
7d7ed3c072fa7c497d96ae8559d877713278100e6e221bb913878665088965fa
GuLoader
9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
GuLoader
c8bdfc9eea22464897b3dae7829464348f27a1ff1989cf33d1de95bc0a99527f
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 997 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kt7nrm8rqx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 1dd61e13d2874faa5067bb0ea4ccf20de4a640ba8437378e18317275ff848819

GuLoader

Executable exe 26696d196e986fff9dee1658e3a502745410101d3709ec129be7d100fcd8f526

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376188/
  
Dropped by
MD5 234c0abb62f017f731ea6021f7e6321f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1dd61e13d2874faa5067bb0ea4ccf20de4a640ba8437378e18317275ff848819
Cape
Cape
https://www.capesandbox.com/analysis/6318/

Comments