MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
SHA3-384 hash: b16a4bc634f30b14d425e28b323d0dccb1220b50d35b1da070d4c1422244240379def53fab6f21e48b737a580883b199
SHA1 hash: 3e5040b79e1560138077a8b923b95b7c9bb16b8e
MD5 hash: 6b50011083a80534c0ca3b0a786d249f
humanhash: music-uniform-yankee-one
File name:Payment Details.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:28:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 401496c24c0f17d805cb39fba6623b58 (5 x GuLoader)
ssdeep 768:vkTnndZi/pmtuHMlV/Vyq5jskYqIA9Da0AydHKfaYvHXWwcEyRmP8Ha:AnziBnslJXxs9qIAZAyqaDw1yg
Threatray 377 similar samples on MalwareBazaar
TLSH B9933B53B6D0E563D6328EB05B29BB98055BFC302952891379E43F3E2A36F13A91531F
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.aquawetsenterprises.com
Sending IP: 45.95.169.142
From: Accounts <info@aquawetsenterprises.com>
Subject: Re: Payment Details
Attachment: Payment Details.rar (contains "Payment Details.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:22:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gxpjsvwlmyiq56ba3ocot2427dvbmh3du7gpz22ifqqsthnwp2oq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04f9b7ca41ecf60e77f0a4a2c38a644c02b913b6958e0c22c0fe2773dbf7acbb
GuLoader
153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab
GuLoader
2679b68e7d2bc1eff0bb4969fc23081d38f08b72510107adcb18a2ffaa9ffca8
GuLoader
30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b
GuLoader
3f156e6cda9e6e1a358cc2df660cffcce106b627e74362bc6fa817208f626b74
GuLoader
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
GuLoader
53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6
GuLoader
720004239ef0cb716b2f0d8793cfe7fb06d408cd5c598a6c726aab7f21c0bad0
GuLoader
87fdcca436e0e9e220acb51332720668c04460d48d1791368e734c1539bd1f77
GuLoader
f8707020bc0b78ae0fab3bd9794993c4cae406d9f13fcb6098f3321cb6bba515
GuLoader
+ 367 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2lm613e23e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

5b02a67780895f5c9d6259639196ae83

GuLoader

Executable exe 35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d

(this sample)

  
Dropped by
MD5 5b02a67780895f5c9d6259639196ae83
  
Delivery method
Distributed via e-mail attachment

Comments