MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54d3e50350cb0e6e43cae0d762829aeab02a389142d24d5c8d71c413e1d77842. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54d3e50350cb0e6e43cae0d762829aeab02a389142d24d5c8d71c413e1d77842
SHA3-384 hash: 9f9f0d11fb5b51c3320eb24677a44ddf4e650ddfcab54e6febb5b5efea9902a62dd4f692baddd04da4884a67a894372b
SHA1 hash: ce598d3d43442332bad74313fc9e54b341b40b17
MD5 hash: 0faca209aaa435ac86116d8e91ca3506
humanhash: nevada-cup-potato-coffee
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:50:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01b4897fdacb5b2096a72b7daecae4cf (1 x GuLoader)
ssdeep 768:bLu/GMjJvbviBhx+UqM6W0AnSl/TZt24B+TMVwJ9vG05O1/ptqt6CTbeKUMTPI7M:bL0G08x+K6WbnSlX24hV89POFrE6dM
Threatray 845 similar samples on MalwareBazaar
TLSH 2C536B1B6D08A953E06087B02D7692F56619BC2C4501BE4B3E9CBF5DEA322837DD371B
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host.sidhiciang.net
Sending IP: 67.222.24.138
From: Mandiri Cash Management <tax@suryaindo.com>
Subject: PEMDOEXP - PEMBERITAHUAN DOKUMEN EKSPOR
Attachment: HSBC PAYMENT SLIP.gz (contains "gunzipped")

GuLoader payload URL:
https://kinansreview.com/build_NEW_gLpjIcLUO232.bin
https://cmdtech.com.vn/build_NEW_gLpjIcLUO232.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7470/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:52:12 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktj6ka2qzmhg4q6k4dlwfau25kycuoerilje2xenohcbhyoxpbba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
dd95ca4e9ebb20cd4d2e26adfded37285e4321ef95bcee7dd0bbaf309eac8a38
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 835 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mf8gsxwaa6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz f78bc29cb7e536dc7c07a767b8957ffd1765c9b513bfb949b348b13260568d2b

GuLoader

Executable exe 54d3e50350cb0e6e43cae0d762829aeab02a389142d24d5c8d71c413e1d77842

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369924/
  
Dropped by
MD5 56ed61190196837b0b6c13a91af93d72
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7470/
  
Dropped by
SHA256 f78bc29cb7e536dc7c07a767b8957ffd1765c9b513bfb949b348b13260568d2b

Comments