MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63a6658d48cb77efa5b567692abceb0e64823652096604073725b6e1cdfe285a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63a6658d48cb77efa5b567692abceb0e64823652096604073725b6e1cdfe285a
SHA3-384 hash: 0e89116f17ad08bbd35eb9d6de2c61d1442c350cc5c7d0a3f3d0f9bbfbec825e8593009189b4dbaa275f653c6a56145c
SHA1 hash: 04b2eddab95388900ad1918d9eccd311fde45ee4
MD5 hash: e5f15a05d52ff16b468b588d461a3757
humanhash: early-july-video-alpha
File name:INVOICE_28042020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-01 13:38:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87d92a2305a25d277170ff13fdc032cc (1 x GuLoader)
ssdeep 1536:LFO8lLrFNLbSgZqrjTTDkBufqkzeRGlwB6LLvzUidA+Srb:FpSTTDkEfFeRO3HvzUidA+Srb
Threatray 1'551 similar samples on MalwareBazaar
TLSH A1833A13ED5C9A02E56082741C57CB6E2F25BC1C89821E8F394E6E5BBF317622C6D21D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.errantas.com
Sending IP: 45.95.169.152
From: sales1 <noreply@pleng.net>
Reply-To: noreply@pleng.net
Subject: RE: RE: Invoice overdue for April, 28 (lastmonth)
Attachment: INVOICE_28042020.zip (contains "INVOICE_28042020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18D4ZtIlpq_yzuzbcPUyLslNs7BNWVKKy

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5925/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 14:36:04 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=motgldkizn367jnvm5usvphlbzsienssbftaibzxew3odtp6fbna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
0ec3c68f6fa845bcc40ea35365aa204f7e8bdf8010ea20dec2e3ea3f46838e02
GuLoader
2587f1479965f71d98a3f9ead9b9ae00fd71cb0efd00ce8843da9a8c443d0af9
GuLoader
668ec5b9759f0349cc79113c4d2bb62ebf2239de79532f97248b242df8608a3c
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7d7ed3c072fa7c497d96ae8559d877713278100e6e221bb913878665088965fa
GuLoader
994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d
GuLoader
a0da1c24eb6a23bd435cf8787a335324b0dd654bfe01ab76a41c5c3cbab48fe2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
daa83b31dedd9baabaa012bf052e93e0b378fd00d7c8f8b18ddd8665e04aeb4b
GuLoader
+ 1'541 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-drx9aa1bh2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 879915d887a9f439562bcfae10a7be4f07badf13a259a22bbfbf169036d194f0

GuLoader

Executable exe 63a6658d48cb77efa5b567692abceb0e64823652096604073725b6e1cdfe285a

(this sample)

  
Dropped by
MD5 65e7140e451b47075e468f4dea93a13f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 879915d887a9f439562bcfae10a7be4f07badf13a259a22bbfbf169036d194f0
Cape
Cape
https://www.capesandbox.com/analysis/5925/

Comments