MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
SHA3-384 hash: e2194ab965ffc426f488e247d25071e3c04107bd3ea5e018d2017de5f1e73ecc1f999303286be38749d5378e15844604
SHA1 hash: 3ab99de0b5845c716bad7554696799dc27d2b4d5
MD5 hash: b2434de431f8bff7a9997316c448498d
humanhash: wolfram-echo-violet-black
File name:Quotation.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:31:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 77be280ea26fb673c1f441d9a0fe1b61 (1 x GuLoader)
ssdeep 768:b9qu1aL3mNtlrHBOjrnB/twUBc6QZTHi6JssvXRZ4uFYroJLxeZaQUfCT4o:bUuRtS5FwuIZriabvh/llxeZaPi4
Threatray 5'098 similar samples on MalwareBazaar
TLSH EB739D17A914D153E0504AF06CD79EF81B16BC2C0981AF9F65A86F0FE9717932CAB32D
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.facetohen.ml
Sending IP: 64.52.164.226
From: (주) 해성테크 <michael@facetohen.ml>
Subject: [긴급] 견적 요청의 건 _ 해성테크
Attachment: Quotation.img (contains "Quotation.exe")

GuLoader payload URL:
http://slimbosahiyke.webredirect.org//uploud/5bab0b1d864615bab0b1d864b3/Nwata_Aegxb153.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7241/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:33:07 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mihbacueksq74kly4km7pnmryb2ytpzfppjldej4hn5nmaljtzfq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
03d585ea89f4e62bc18d42d1fadad0b02faca6d68c831e79fb542e9efd183f7a
GuLoader
0951d8c7c31922177bfac1849388cf7e947d6e51ccbf936c7edd1e6d7c44da9d
GuLoader
26d95099636e212fccb35c4865a6aaee393079698b6c3a6f0a07ef2960a845b0
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
8604f9cf7a68603106748dcd54ec4bf13f11ac46bf07d4fa0ec20d45b98e16c9
GuLoader
9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264
GuLoader
c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
GuLoader
e6bdca558fb485e6ac7295d20f868902f2b790bc147fb3ab1e3a6628280d40f3
GuLoader
ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552
GuLoader
+ 5'088 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sj7vqkw4p2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8960c59105c173a34d7e6db9450ef3ce5c3edaa2f81350f170f1cfa9aff93e63

GuLoader

Executable exe 620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384272/
  
Dropped by
MD5 f0e83d48da1b4a65642b77a9f6720c7a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7241/
  
Dropped by
SHA256 8960c59105c173a34d7e6db9450ef3ce5c3edaa2f81350f170f1cfa9aff93e63

Comments