MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bce2cb71450f3924688d64791d70feaa8a49e25784d3d64451b3b1d2d25cdbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bce2cb71450f3924688d64791d70feaa8a49e25784d3d64451b3b1d2d25cdbf
SHA3-384 hash: e3539796b7a9df4f192b61d3094fee1c1d084276600573f7c6798425cfadae7207686f782d8a1c5cbb119796b2719e18
SHA1 hash: 38bd42865fd5dcd13996cdd6e2cd8ebfb0e4db66
MD5 hash: 3d812028d1c05c64a8cf8018e1b9deb0
humanhash: football-yankee-tennessee-alanine
File name:Payment Advice.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 05:30:33 UTC
Last seen:2020-06-10 05:35:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e63fc791df6dccd4f680d8b793c7123a (1 x GuLoader)
ssdeep 768:bLxfGMjJvbviBGiJq4wFoq+oXL/y06Os3+91DbW/mWPNT6AiE:bLRG0yqjoOy+91DU
Threatray 996 similar samples on MalwareBazaar
TLSH 74534B1B2D489A53E0608BB03E6AD2A12719AD285505BF4B3E5C7F1CEB716C27DD331E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7508/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 05:32:06 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hphcznyukdzzerui2zdzdvyp5kukjhrfpbgt2zcfdm5r2ljfzw7q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
4320e2bf2bc6115ae79a52777bdd9aef62db691a756640f9c7fa6e8372e46193
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
a0c5ec02160570545c6eb2b81cbff1db49cbce0d90ba6e567b42e1a3e3a7076c
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
dc352fba70b027e2bfd420907be5443af811848df52a16a4845b2caac3ad8d2c
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 986 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-81gvmd49sj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace 86cfb86b54c8aa166bd969dfce431459792f24536c6c3277869a83334893e7de

GuLoader

Executable exe 3bce2cb71450f3924688d64791d70feaa8a49e25784d3d64451b3b1d2d25cdbf

(this sample)

  
Dropped by
MD5 04fecc967999a191e734adac628a237a
  
Dropped by
SHA256 86cfb86b54c8aa166bd969dfce431459792f24536c6c3277869a83334893e7de
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7508/

Comments