MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ccf8c8e41e08d5a8152659ca2cd6348a15c126ca4571129d4a118de63d45f80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ccf8c8e41e08d5a8152659ca2cd6348a15c126ca4571129d4a118de63d45f80
SHA3-384 hash: 7c9b5de920fbe3ebe000341344be919c27398b6bb14cbc3302239a0a13b0c7373fdbcb9b69ea69a774cff7605e9439cf
SHA1 hash: f79d62727a698d8360da2fd4f872f82fe451f419
MD5 hash: 3f2fd6c7f2735d8ebba0984ef18f67b0
humanhash: may-jupiter-fix-tennessee
File name:Sri Lank Inquiry Order.pif
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-05 13:41:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 776b8356f2fccf1bfac204822980b612 (1 x GuLoader)
ssdeep 1536:dDrdLtw+5J/BGPwDwvETDeOeIdD42u/vK:BrdhR7Ec/eOeEh
Threatray 5'163 similar samples on MalwareBazaar
TLSH 91838D13FD0C8592D0494AB52E139D991F376D184882EE1B7508BF8FFDB138368AB21E
Reporter abuse_ch
Tags:GuLoader pif


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gogoomail.info
Sending IP: 106.75.116.192
From: Dag Groupage Services (Pvt) Ltd<purchasemum13@executiveship.com>
Subject: price request
Attachment: Sri Lank Inquiry Order.pif

GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/apsfb_BwRMswJ149.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6706/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMGX.13972.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:43:04 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hthyzdsb4cgvvaksmwokftldjcqvyetmurlrckouuemn4y6ul6aa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1004b3957abb87dd5bd6a77a0b65930f32bb27a7121a10715ac8ca170619b024
GuLoader
1e7f88a0e73d63b2f6bbbb4c009b1eec11999ce62da1d3122473cabd502134c2
GuLoader
6dab870a5c920547d6a8a343244b15e61a764f4714a438c4212db404dc18f278
GuLoader
71143c4b78e1626ce16fc67c88e5237afe61c74ed256712f78aea97b79c5e890
GuLoader
7f97b36a796167d7d641a811c64ac23e7ff9998422308aec6d5753b9625f3729
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
afa6acb992c2a3a3ee436a4627f8f5e0feed8e6a77dfa4ed6715069f12aef650
GuLoader
b7853fa1e5921dd495975f697eb17ec18253ac022980855730598ef667ce9c2e
GuLoader
da32993754454442eef39fdeebd12d93d25299369f4db9c8bf64b6884a07c4ed
GuLoader
f2e90acd9eecf1318a331ed9d7459caaff437e46c00ab2757f313d09002a4f94
GuLoader
+ 5'153 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vckd7ajh6s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 3ccf8c8e41e08d5a8152659ca2cd6348a15c126ca4571129d4a118de63d45f80

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376008/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6706/

Comments