MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e6444baf61bba9f9ef1747aeb3ebc31151769e0666b8259d342ed2008e73844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e6444baf61bba9f9ef1747aeb3ebc31151769e0666b8259d342ed2008e73844
SHA3-384 hash: 8251bc10ead93afbc9596b14bc89cb5c1f7fd29dc7647145bf8d1b96b249d7a02d791c03f206f3d0354a80521ea871fb
SHA1 hash: 124522ab6d99e8524de45a8399ad43a089749fa4
MD5 hash: e05302ad9e33a15ef3295f23b2d5ad40
humanhash: burger-echo-high-south
File name:Request to Quote.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-05 13:37:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9558b82594fdfc0e2a93f172aff4f2ea (1 x GuLoader)
ssdeep 1536:W2EDrdLtwK+VRo0cm+wDwvt9hUu8MoBwYNljVy:WZrdhR+VR7DE1Uu9Y
Threatray 848 similar samples on MalwareBazaar
TLSH 29838F13BD488B53D01406B42E13DA9D2E77AD2C4C81AE4B7544AF8FFDB16C368E661E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: adamallysllc.co
Sending IP: 194.87.190.70
From: Mary Ann <mary@adamallysllc.co>
Subject: 구매 문의
Attachment: Request to Quote.zip (contains "Request to Quote.exe")

GuLoader payload URL:
http://194.87.190.89/snk/22.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6687/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMGX.6951.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:20:35 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jzsejoxwdo5j7hxror5owpv4gekro2pamzvyewotilwsachhhbca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
7d3cb63259a52aa1c69dc8fbe9145dd5e812de1675ba87d31de40f0efaab0574
GuLoader
9747bf43bd88474f148cdd3bd1a5a8ffa391c53ed7846e15fb5138190b73ecd8
GuLoader
a0ef6565b8fed20e76a7fc22c4627c0a62b6d5bdc3b79b7901a00e236060ee2b
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
+ 838 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x854dvxfke/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

c8030f1335e020bd826f6d623b0520a6

GuLoader

Executable exe 4e6444baf61bba9f9ef1747aeb3ebc31151769e0666b8259d342ed2008e73844

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382097/
  
Dropped by
MD5 c8030f1335e020bd826f6d623b0520a6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6687/

Comments