MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 291ab03f4f24972f2c8d777dd0a76bf603153a6457947f6eac0d8dcfac95e426. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 291ab03f4f24972f2c8d777dd0a76bf603153a6457947f6eac0d8dcfac95e426
SHA3-384 hash: 1614551e2eceac6e90d305dd480773cf85700110cafacc12f33d899f44791f61c125fbe456af504fadc27db8a8390556
SHA1 hash: 142e9f11308966bdee093f4fe46e5dceed354225
MD5 hash: 0ca324ec2f17fbfbf9b2f51feedd6662
humanhash: kansas-failed-nevada-blue
File name:JUNE INQUIRY 2020 BULGARIA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-05-21 11:15:06 UTC
Last seen:2020-05-21 12:24:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6d58254a55071e892c69276d500879e9 (2 x GuLoader)
ssdeep 768:4SkPkDibhmjuGk8PIKQ1jJBxhh77B7NAKPIu7q+OF2S8j8QjuVtSYVAFJbSLi:KwibhmjHk8AKobpvrlqlPHQjStSVFt
Threatray 718 similar samples on MalwareBazaar
TLSH 8C330711E6BAB072DD248EB10E757EA85066BC709652CC0BE8443B1E9932F02B73771F
Reporter abuse_ch
Tags:BGR exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: clean208.mxserver.ro
Sending IP: 46.102.249.145
From: vbojilova@nsi.bg
Subject: Спешно запитване юни 2020 г.
Attachment: JUNE INQUIRY 2020 BULGARIA.gz (contains "JUNE INQUIRY 2020 BULGARIA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Prhm9cb7iaT9qLqsKPENuUzHi2yiqCvc9

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.671101.7982.10475.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 11:36:48 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a46d6c287851041f7a352051cadd95de3379b8878191c925f7d423a475936e6
GuLoader
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
GuLoader
3c6d1adb8c659c6608e4fa44fe880adb352bd9e8491430b4f559604fd412e181
GuLoader
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
GuLoader
504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
GuLoader
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
GuLoader
7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184
GuLoader
a5bd1ac8e6458e40e63cf558145dbd06cc2700d97f9ed3ae5a161b165ca6c035
GuLoader
c58594d414c882ce33499233c2f508789e5fa4d91b79ef01d763012e39d7b095
GuLoader
da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
GuLoader
+ 708 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mp9yf51wa6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 7dcf44e8549c9be9e68b64e89d1f76b9fbf45dca8db2c1e518a59f3406f9a45c

GuLoader

Executable exe 291ab03f4f24972f2c8d777dd0a76bf603153a6457947f6eac0d8dcfac95e426

(this sample)

  
Dropped by
MD5 222a97dc68633d6e65ed1f5f0b5230ef
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7dcf44e8549c9be9e68b64e89d1f76b9fbf45dca8db2c1e518a59f3406f9a45c

Comments