MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b
SHA3-384 hash: 6d8257dad7b593f1fe67e06921bddbe291ac675bcd2d3968b55b8a852201878d9ce29d45139e9147ee99db19f731f3ee
SHA1 hash: bd5cebe371f2e2cfc499487e2f7d2398272ec5d8
MD5 hash: 3b5e108bd850adab0e8c8e87146de28e
humanhash: island-football-king-nineteen
File name:WJ_quote.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 12:14:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 13d85f6c120a29623553cce12eee5ee5 (1 x GuLoader)
ssdeep 768:1n8R+P7c/k/RG/0DPho/Q5Onj1oz5LccrCV/tM0g2526N08G3KOhtHxEqCRTSepw:1A+t/R64uoLccD6NxGa6YqCxc4yL
Threatray 5'116 similar samples on MalwareBazaar
TLSH 00933C16B7E0D032E6098AB12B269BD8056BBC705D5ACD0B67D03F5D2B76E13E42631B
Reporter abuse_ch
Tags:exe FormBook geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm39.hanmail.net
Sending IP: 203.133.180.227
From: 한석 이엔지 <ljm-ms@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: 05-12-2020.img (contains "WJ_quote.exe")

GuLoader dropping FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.22011.32026.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:41:59 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gd744vb7cp6oepdb6y7yuz4dwhb344rto7frhyj36az4x74lsbfq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
12cb6d99b66fe413685b633d1238a5695aa8dc77489bb8ab23f8dd15012a0653
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
32b9acce63789d2b83866bca1e45f827835ce2f8c2c61fe79d809c441153058d
GuLoader
4dcaa189e4b595f7c2ea35bf30bcbee49f9f9c2a3bbe16d832a30c8df30c2a88
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a
GuLoader
a0c49ccef1033cbd0119355f93a8109dccf48d53f0fc155e152efaa7ebf44a5a
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'106 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bsnkvjtdmj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

d55f8c9522315c0fe599d4e625276b9f

GuLoader

Executable exe 30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b

(this sample)

  
Dropped by
MD5 d55f8c9522315c0fe599d4e625276b9f
  
Delivery method
Distributed via e-mail attachment

Comments