MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e1f954800b77aea6d90e83040398f7481826c533a8650c7d2370d998897e0f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e1f954800b77aea6d90e83040398f7481826c533a8650c7d2370d998897e0f5
SHA3-384 hash: ccf567a3b53d991ebdca0019e2601c9f3008c056acb94989685f22b79d7c80d6c74595fc081c0cfc953f65d5351c63e9
SHA1 hash: f3790e916bf344b080efbb5494d4221e091939df
MD5 hash: 813ab7ead60a5e532af5c65942a4770a
humanhash: snake-oregon-blossom-lithium
File name:SCANED QUOTATION.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:01:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c4215dd360f067d458939d396e261086 (1 x GuLoader)
ssdeep 1536:DhSPfxV40TQees275kgrKHxLdGKc+o0FDHdZ1gIMblSnwKegt8oxgi3Xxb:IPXTYs8pKVdhjFD9zwNXy5
Threatray 1'069 similar samples on MalwareBazaar
TLSH 47B37B03EC8C8A23D50547BD2D934EB83A1C791999005FDF71396EAFAD726912C9B21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ari-cn.com
Sending IP: 103.207.38.152
From: Rachel Zhang <sales2@ari-cn.com>
Subject: RE: QUATATION AND ENCLOSED BROCHURE
Attachment: SCANED QUOTATION.zip (contains "SCANED QUOTATION.exe")

GuLoader payload URL:
https://filebin.net/1xu1936lh9awcx8g/udoka_dBIUNiSj27.bin?t=u1zue6zq

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6443/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:56 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fypzksaaw55ou3mq5ayeaomposaye3cthkdfbr6sg4gztcex4d2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
270c10b611fa95a41054622c5caed5e88a7b3ec9c2ffaec93725b95b6d6d5aa3
GuLoader
2a1dd64638dac970b58a8dc939415fcc2a4532211295f1c72370df4df91447e1
GuLoader
4d9b89978e6ca9cf14cb1f04859e01e66c1e0dbefedd1663617647535c0b3fa0
GuLoader
674cac26b5ee006a476669c6857e24a8187ef94945d521c8bbe9069ec74494ba
GuLoader
82e103d51a6261e2e40f59c1d4c3ba819eb02910acb85a76e0de1e739e77433e
GuLoader
8712ec9f1fd88bada735706782cdab6d85f3bf22bda07e5286ab587da519eca8
GuLoader
8e4cb68e8910042eeb4f5f4588a5a76df31cc6b0be9ad55165ced088afc23201
GuLoader
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e
GuLoader
+ 1'059 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4hhkyq3j2j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 41bb57e6f3a54934820c124ec3b80ee0f4830bed3de602fd710f91b00586f643

GuLoader

Executable exe 2e1f954800b77aea6d90e83040398f7481826c533a8650c7d2370d998897e0f5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378996/
  
Dropped by
MD5 1f68b692c3bf70c55a85a953cbb228af
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 41bb57e6f3a54934820c124ec3b80ee0f4830bed3de602fd710f91b00586f643
Cape
Cape
https://www.capesandbox.com/analysis/6443/

Comments