MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6217eb209fb47afe8f9f9d99160fc920e1f50066f3be43dbd8e48ba8695f1c51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6217eb209fb47afe8f9f9d99160fc920e1f50066f3be43dbd8e48ba8695f1c51
SHA3-384 hash: ccbd0517719251939fca44d5e9879cbdb4d5f8f58e7a5096668b20a246ae9d1abe5d1424655a7176746de9cc6b4e2e54
SHA1 hash: f2d44ecfb9a654eca8a131b93f251a8a1c3fe08f
MD5 hash: 1c2c2e9c91f34b35742c73b7c0c7a3fa
humanhash: bakerloo-two-oregon-indigo
File name:INVOICE_2134509.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-26 13:40:00 UTC
Last seen:2020-05-26 15:24:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4c9b3e5fc1b624ab1989cec52677f2ce (1 x GuLoader)
ssdeep 768:z81834V3WTUMPUIfkZyw/h7zalUblQDZwHM3C27cKNvoRaFAbAi:I5VGTWIcZLxeUbl8aZ2pNvaJ
Threatray 897 similar samples on MalwareBazaar
TLSH 58B32A4734E94CB2E93C9EB548B295542DB67C227D094B133984FEAC76732CE64A438F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: lycos.com
Sending IP: 199.96.83.18
From: sales1 <salvatoreaxb@lycos.com>
Subject: RE:RE: Invoice overdue for March,28 (last month)
Attachment: INVOICE_2134509.iso (contains "INVOICE_2134509.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1G71XlZQ7c-Wxgvyg8FFf59ec-8wU4Gds

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/4955/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AE.5214.10825.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 14:35:59 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6
GuLoader
4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
GuLoader
6dcf4557563343e881daf4b7d7b01e372457cee637ac001a1102a2e67a69cbf8
GuLoader
7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
fea3940f656c82bb8ed4668c67b6be0ecd1b72fc6d6ea52199c365ec03212a31
GuLoader
+ 887 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-42nmenf77j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 4bd31a0c14f90e2b5f7edd7440964354e2819672b36c35697ff1bc03cf24a07c

GuLoader

Executable exe 6217eb209fb47afe8f9f9d99160fc920e1f50066f3be43dbd8e48ba8695f1c51

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369177/
  
Dropped by
MD5 c34d59f8b5b43d7ebf78dcc7560d8254
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4bd31a0c14f90e2b5f7edd7440964354e2819672b36c35697ff1bc03cf24a07c
Cape
Cape
https://www.capesandbox.com/analysis/4955/

Comments


Avatar
CAPE Sandbox commented on 2020-05-27 10:11:40 UTC

#AgentTesla V2

https://capesandbox.com/analysis/4955/