MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62a0875b5f703693a9987c0bdca2e4c72d755671568125c041b0aeba7329b609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62a0875b5f703693a9987c0bdca2e4c72d755671568125c041b0aeba7329b609
SHA3-384 hash: 8e054da9001871f8489bebbdd5f962a48e3997baaec96dc014ed5e64572711d7cce4f5f617b638b1d7405bbffb787cfb
SHA1 hash: 65f9aff96cf65c74ca80d9bb1974b275ad663c20
MD5 hash: 3c142c98ac314dfce4b3c9202edf8b79
humanhash: mountain-bulldog-fourteen-ack
File name:Proforma.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:48:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 58cb38fc13792afcbcaa468e3a5e5ea8 (1 x GuLoader)
ssdeep 768:b3zGMjJvbviBm6ewMmgTILQx9N7+Q5wQIrTGj60tpO9xt5c9SrW63MT6BowQID:bjG0kWTNbArSLpOx5L/
Threatray 850 similar samples on MalwareBazaar
TLSH A053595B6D08E943E1608BB0296285E56219AD284902BF4B3EDC7F1CEF315D67CD332A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: newalias.mindviking.com
Sending IP: 38.68.36.251
From: Mr. J. C. Lin <info@disturbinggreece.com>
Subject: R: Due regarding our Order..
Attachment: Lists of our Order...zip (contains "Proforma.exe")

GuLoader payload URL:
http://jtcmachinery.com/batch/spam@ashok_kEoWkr235.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7451/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:50:06 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mkqiow27oa3jhkmypqf5zixey4wxkvtrk2aslqcbwcxlu4zjwyeq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
150399bdd91521ff244c8c83aa0ebede3560304bcd38a0fd21a189fa34b605da
GuLoader
187c0f3510e1435dce3980a2ef3dd20b44a694218b3ba633afe266f23cff03cb
GuLoader
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c7dd280473dfa42f4770ef4c52cf7d21fc234be5d566dcaf9303f7b41460b8ad
GuLoader
cee8a845815daa1914a89033be9f89287fab6194e8b8b700ec058013d6fa8c54
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
+ 840 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w8ddhh6gzn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ed31299f22412d76e2e7b17a412a8d13111f0ece285ea69e691b0dcd4dbd8fc8

GuLoader

Executable exe 62a0875b5f703693a9987c0bdca2e4c72d755671568125c041b0aeba7329b609

(this sample)

  
Dropped by
MD5 a214601630cc82adc8b930d10a68d03d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ed31299f22412d76e2e7b17a412a8d13111f0ece285ea69e691b0dcd4dbd8fc8
Cape
Cape
https://www.capesandbox.com/analysis/7451/

Comments