MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
SHA3-384 hash: ce6ba89831f9f77cb6bff2c197633c354b593922629a7b5f78b188f7ec1a5ea37a16805b90d1e1c04ec9b23af220f3f4
SHA1 hash: d1120037509a8038d3e026b1ad621b15bf5bb70e
MD5 hash: ecc05b3100596aa04de9922ac4deda7a
humanhash: mango-delta-coffee-india
File name:SLD-E2020-0003.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-04 10:47:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e98efb2d68572794e9ef45c6a1114af (1 x GuLoader)
ssdeep 3072:lfEcuDynobItYrjHotk3PV55hkXuvXdBKX720ttGCCJ4kX:lscuDMirjIS3PV6wdBKr20ttGCCJ4
Threatray 5'416 similar samples on MalwareBazaar
TLSH BDC37B176D4DC342E10505F13C538E6E3A27BA1C9C459E6F2049AECFED71296ACEA21F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sungwon7.co
Sending IP: 111.90.158.36
From: Sebastian <sebastian@sungwon7.co>
Subject: attached selected items and confirmed copy of Quotation for your reference.
Attachment: SLD-E2020-0003.rar (contains "SLD-E2020-0003.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1j9VDy3BRfF84OQEaOGheH7ZZvQMX5ORg

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6512/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 11:35:51 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i5gk2zbldt4i7dl7siwl7wnyuagx7qhlidfpycdxab7ofccpcbpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a0ac8e138fdddc9e18357375ff41da88e340ac4dfc225d2d60976607dac8d8c
GuLoader
3a623059d68483ec267fb4852e1209eb93c3f351ba976cc1ef92da7070c33c64
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
6b307cbe4f1e8d769af95142d574e77a50654e25cce234f48da6c5e7a7aa4b99
GuLoader
6f95416c1006a499c7012c6cde49a27f83223c665cf9b28764030afeb04bf697
GuLoader
783c6835be34af1803983890ec14e1edb2ac7cef4442dff43cddb719d97236b2
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
e13acda03eb4829793beb5c0664d5752663b7ef5ae72b63724e7eaf189a9fec4
GuLoader
efaa9091d5aa1f64ae3b3c1258e90d5bb346e25e75ae3c4530ea9346380e2158
GuLoader
+ 5'406 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hems7d2b9s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 92870d12dde2cffee3661a148bb08be996acca9a5b06fd495e67c7fdb1b158c6

GuLoader

Executable exe 474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f

(this sample)

  
Dropped by
MD5 d1b36460f3b784b014c6817fc51eeff1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 92870d12dde2cffee3661a148bb08be996acca9a5b06fd495e67c7fdb1b158c6
Cape
Cape
https://www.capesandbox.com/analysis/6512/

Comments