MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
SHA3-384 hash: 6492765436c4971b89b499364a09bd9139463aa12859864f0958d97364944377f4dedef255f7242f926099f94aa4f10a
SHA1 hash: 3fa8fd71cff54cb0a9063e9bb13015a4f0200570
MD5 hash: fcfb187c013078b3d5e04c845bbe0691
humanhash: tango-asparagus-table-steak
File name: VESSHSN225.exe
Signature: GuLoader
File size: 192'512 bytes
First seen: 2020-05-28 07:29:27 UTC
Last seen: 2020-05-28 09:27:00 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8031a033ec7af9e4782dac597abbdce9 (1 x GuLoader)
ssdeep: 1536:USgk+GnX3QdpErM0XYvCIamrGYOi8H2ApmzesJA4+vIFOUo/RFLfIvfs+5IkjF0H:3rVnSpsUvCBmAk6sMkSRio
Threatray: 562 similar samples on MalwareBazaar
TLSH: C0145B36F667DC72EA4144B5E8D2E4F80851BC05CC0BCD2B72C1BF2E75BA192A916736
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: Kwon, J-H <J-H.Kwon@wilhelmsen.com>
Subject: Fw: RE: Vessel: KSL SAPPORO / Requisition No.: 20R-0114-1 / Supplier Code: VESSHSN225
Attachment: VESSHSN225.zip (contains "VESSHSN225.exe")

GuLoader payload URL:
https://cloudfiree.ga/mana.bin
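
The indicators above (the four content hashes and file size of VESSHSN225.exe, the HELO, sending IP, sender address and attachment name of the malspam, and the payload URL) are what a responder actually pivots on. The script below is an added example, not MalwareBazaar's or abuse_ch's code: it copies those values from the entry into one place, checks a file's bytes against the entry, and runs the mail indicators over a few constructed gateway records. The record layout, function names and sample messages are assumptions made for illustration. Two observations from the entry drive the heuristics: the attachment is a ZIP wrapping an .exe, and the From domain (wilhelmsen.com) does not match the HELO domain (mastertindo.com).

```python
"""Triage helpers built from the indicators on this MalwareBazaar entry.
Added example, not MalwareBazaar code. Hash, size and mail values come from
the entry; record layout, names and sample messages are assumed."""
import hashlib
import re
from urllib.parse import urlparse

# Content hashes and size listed on the entry for VESSHSN225.exe.
ENTRY_HASHES = {
    "md5": "fcfb187c013078b3d5e04c845bbe0691",
    "sha1": "3fa8fd71cff54cb0a9063e9bb13015a4f0200570",
    "sha256": "4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0",
    "sha3_384": "6492765436c4971b89b499364a09bd9139463aa12859864f0958d97364944377f4dedef255f7242f926099f94aa4f10a",
}
ENTRY_SIZE = 192512

# Mail and network indicators from the abuse_ch comment on the entry.
MAIL_IOCS = {
    "helo": "whm.mastertindo.com",
    "sending_ip": "103.103.192.221",
    "from_addr": "j-h.kwon@wilhelmsen.com",
    "attachment": "VESSHSN225.zip",
}
PAYLOAD_URL = "https://cloudfiree.ga/mana.bin"


def hash_sample(data: bytes) -> dict:
    """Compute the four content hashes MalwareBazaar lists per entry."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes) -> dict:
    """Compare a file's bytes with the entry. PE magic and size are checked
    first; a size mismatch rules the file out before any hashing is done.
    A true hit sets every key to True."""
    result = {"is_pe": data[:2] == b"MZ", "size": len(data) == ENTRY_SIZE}
    if not result["size"]:
        return result
    computed = hash_sample(data)
    result.update({alg: computed[alg] == ENTRY_HASHES[alg] for alg in ENTRY_HASHES})
    return result


_ADDR = re.compile(r"<([^>]+)>")


def sender_address(from_header: str) -> str:
    """Pull the bare address out of 'Display Name <addr>' (lower-cased)."""
    m = _ADDR.search(from_header)
    return (m.group(1) if m else from_header).strip().lower()


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Adequate here; production code should
    use the public suffix list (co.uk and friends)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def scan_message(msg: dict) -> list:
    """Return the indicator and heuristic names that fire on one message.
    'ioc:*' are exact matches against the entry; 'heuristic:*' are weaker
    signals that also fire on some legitimate mail (third-party senders)."""
    hits = []
    if msg["helo"].lower() == MAIL_IOCS["helo"]:
        hits.append("ioc:helo")
    if msg["client_ip"] == MAIL_IOCS["sending_ip"]:
        hits.append("ioc:sending_ip")
    addr = sender_address(msg["from"])
    if addr == MAIL_IOCS["from_addr"]:
        hits.append("ioc:from_addr")
    for name in msg["attachments"]:
        if name == MAIL_IOCS["attachment"]:
            hits.append("ioc:attachment")
        # Delivery pattern from the entry: a ZIP that wraps an .exe.
        if any(m.lower().endswith(".exe") for m in msg["archive_members"].get(name, [])):
            hits.append("heuristic:exe_in_archive")
    # The malspam's From domain (wilhelmsen.com) differs from its HELO domain
    # (mastertindo.com); flag that mismatch as a weak signal.
    if registrable_domain(addr.rsplit("@", 1)[-1]) != registrable_domain(msg["helo"]):
        hits.append("heuristic:from_helo_domain_mismatch")
    return hits


def matches_payload_host(url: str) -> bool:
    """True when a URL points at the payload host. The path is ignored since
    a second-stage filename is cheap for the operator to rotate."""
    return urlparse(url).hostname == urlparse(PAYLOAD_URL).hostname


# Constructed gateway records, not real traffic: m1 mirrors the malspam on
# the entry, m2 is benign, m3 trips only the heuristics.
SAMPLE_MESSAGES = [
    {"id": "m1", "helo": "whm.mastertindo.com", "client_ip": "103.103.192.221",
     "from": "Kwon, J-H <J-H.Kwon@wilhelmsen.com>",
     "subject": "Fw: RE: Vessel: KSL SAPPORO / Requisition No.: 20R-0114-1 / Supplier Code: VESSHSN225",
     "attachments": ["VESSHSN225.zip"],
     "archive_members": {"VESSHSN225.zip": ["VESSHSN225.exe"]}},
    {"id": "m2", "helo": "mail.example.net", "client_ip": "198.51.100.7",
     "from": "Accounts <ap@example.net>", "subject": "Invoice 4471",
     "attachments": ["invoice-4471.pdf"], "archive_members": {}},
    {"id": "m3", "helo": "smtp.example.org", "client_ip": "203.0.113.9",
     "from": "Ops <ops@example.com>", "subject": "Vessel documents",
     "attachments": ["docs.zip"], "archive_members": {"docs.zip": ["docs.exe"]}},
]


def scan_all(messages=SAMPLE_MESSAGES) -> dict:
    """Map message id -> hits, keeping only messages that fired something."""
    return {m["id"]: scan_message(m) for m in messages if scan_message(m)}
```

`scan_all()` reports m1 on every exact indicator plus both heuristics and m3 on the heuristics alone; m2 is silent. Treat the heuristic hits as enrichment for a hunt, not as a block rule, and compare a downloaded sample with `matches_entry` before trusting any of the hash-keyed fields on the entry.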

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 01:47:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 20 of 31 (64.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 c183b4e8e22ff06e64abc4ac22551661 (GuLoader)
    -> Executable exe 4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0 (this sample)

Delivery method: Distributed via e-mail attachment

Comments