MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6
SHA3-384 hash: c364cbe0f8acd26f81845726a9a5cdf43dca10afc7a941e55a8549c719c76642517682f2fd3c7419ccf2446c094c5271
SHA1 hash: d85d4c2b938b8e7925cb9e6519cc95459b94b817
MD5 hash: ddb11fa5c223047e9ce24acca7164428
humanhash: failed-seventeen-michigan-michigan
File name:Outstanding Payment may 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 12:34:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bb5ff9939830726d8b4fe9a4c56147f0 (1 x GuLoader)
ssdeep 1536:bs94d4xR5Q/dVzI/W9tJ7rbgcKD7OiMIHipCaJ:e4dEQVl/XgLDZQJ
Threatray 26 similar samples on MalwareBazaar
TLSH 2C537D0B7E4CC093F138167018729AA51376AC295A01AF0B3FDDBE5ED571692BDE321E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Quynh Anh (Ms.)" <prasong@carryboy.com>
Subject: (122614) - update payment date
Attachment: Outstanding Payment may 2020.zip (contains "Outstanding Payment may 2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1--kDrv0mEPn0xNss2qHQVstzFVFrLK4N

Intelligence

File Origin
# of uploads :
1
# of downloads :
143
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7537/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIT.7849.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:36:08 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k47awjfen5gibzxcbwjvczvfzpu37m6jobeddlb5f4jo24ccsdda._file
Verdict:
malicious
Similar samples:
0c95f0063259bf9f86bbd26dc6ae04ce2b9efaaf759148685f457ddd25ef0610
GuLoader
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08
GuLoader
eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72
GuLoader
f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6
GuLoader
f6d45dfe2df55a795c38882a4b7505efcf2ba8af52e065973c5522cecd5099da
GuLoader
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wtks97bl2n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8f47b20b73eeab43e68224043505270b6c4348012ae5ea7f53ac184d753f4f36

GuLoader

Executable exe 573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385333/
  
Dropped by
MD5 32d87dd65a4cdab0d1774ba0f4a4c52c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8f47b20b73eeab43e68224043505270b6c4348012ae5ea7f53ac184d753f4f36
Cape
Cape
https://www.capesandbox.com/analysis/7537/

Comments