MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61
SHA3-384 hash: e1a29ac0aadf9abca33df199aa5dc805d52c359c7b90dd67f2f8a960a12d27b6a54f82798ff07dd051e0e889a071c2c9
SHA1 hash: e0c3594c62e7d5779f42232265f07217f0c559cd
MD5 hash: 158e012076ec32eb0a768dde159c8cb9
humanhash: missouri-bravo-cardinal-sierra
File name: PO#1037445.bat
Signature: GuLoader
File size: 73'728 bytes
First seen: 2020-06-09 11:53:19 UTC
Last seen: 2020-06-09 12:48:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6781e89faa11c2f4cd4af2c79f6bf223 (1 x GuLoader)
ssdeep: 768:bzRJGMjJvbviBqv1xbQDp+a+ISSGb/kSe+yZaD2cPKJrN2drIh:bzbG0D1yyxSGbapaDbPKJwdr
Threatray: 1'576 similar samples on MalwareBazaar
TLSH: 2A73E61B6D2DAD2BC1B42FF16926648613062C04BB502A6B559CFFBCF7704E23DA7706
Reporter: abuse_ch
Tags: bat GuLoader


abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1UNkE35xLR1UJKg0lJJP4Lq6mvy7MvoSQ

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 11:55:04 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
