MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f4f292a787841cda822a4a5c98b4dc3ed242d0b9051af0aaaf26baf707082c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f4f292a787841cda822a4a5c98b4dc3ed242d0b9051af0aaaf26baf707082c6
SHA3-384 hash: 6df7a256736640e75fb7b3bc88bf68be93839e8e72782c70fdca3f5e9aac52142d419e33af77184d98fb86d3aef62a27
SHA1 hash: 4c8c30f63ee59e620f07301c76ab04e00089ae5a
MD5 hash: bedddf8c7ff586c5ee4293e23a8edafb
humanhash: violet-five-minnesota-table
File name:SITU9145.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:48:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b995da0e5ef3e9100eefce47c7eab18 (1 x GuLoader)
ssdeep 768:bpIYGMjJvbviBDusaRG12I71u8lXcqgjvGV34Cgi0zOjDRs6lVgo57yOzNT6yE:bptG0ujj1VRu8Kc54CiOPRs6VgoLE
Threatray 853 similar samples on MalwareBazaar
TLSH 74535B2B6D08E953E16447B02972C5A52B19BC28C502BE4B3E9C7F5CEB312C77DD721A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mendenhall.ml
Sending IP: 103.125.191.107
From: Matt Faulkner <matt.faulkner@visserprecision.com>
Subject: PO 5008345 Vit1B Order
Attachment: PO 5008345.gz (contains "SITU9145.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1yVGUzKy1Mw4SIGXaDwFDnTpdxRp7Exr4

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7455/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:50:11 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f5hssktypba43kbcuss4tc2nypwsililsbi26cvk6jv264dqqlda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
1b476c8bd4604f9eb16f852bd2a7770520789b8740195c32b30f68dcfc9e91e9
GuLoader
1faaeabc23e415ec50a9fb89feaf02f6571f9c29cc086dd465e464c6f62fab73
GuLoader
5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7
GuLoader
604cdf637c64c8862b506caa60d1a66b02f97127dc265c6943cadd126fc32f14
GuLoader
7f7f93ae7c3ce6bd7d154c2e2188bd39c7d511df8fc890e46085afc34acdba2b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2
GuLoader
+ 843 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w8s5y2zsbn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip f29a62a1dd9f7e6cd9dfa92e697adbf83c8395c0b16b8ececc5d281944ffd4ec

GuLoader

Executable exe 2f4f292a787841cda822a4a5c98b4dc3ed242d0b9051af0aaaf26baf707082c6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385261/
  
Dropped by
MD5 062e4de446bef26b3c7af890d3a34ccb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f29a62a1dd9f7e6cd9dfa92e697adbf83c8395c0b16b8ececc5d281944ffd4ec
Cape
Cape
https://www.capesandbox.com/analysis/7455/

Comments