MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6458e2ed559b0821cab5226e9258296079ed39db71bd8330cbe33dd04022abfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6458e2ed559b0821cab5226e9258296079ed39db71bd8330cbe33dd04022abfc
SHA3-384 hash: 2a3b07be87f1c932770d0ded37687e169c9842f0fb66dbf6c55e05900c781b23c46f4673d69341d81f5d474a03329b61
SHA1 hash: 8405f80d4518af09b8a3d689296b58bf6bf33d31
MD5 hash: 0b46d20658d513d366844225823a9127
humanhash: steak-pizza-arkansas-virginia
File name:RFQ 13970 DT_PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-04 17:21:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash eec787c4b6c9ad5d97631429a114e157 (1 x GuLoader)
ssdeep 1536:12+KDrdLtwTT0UJ0IwDwv6cn8GIAkMk8BOq/:12frdh+TraVEp8GCI
Threatray 995 similar samples on MalwareBazaar
TLSH 7B838D137D08C593D00906F42D139EA51F36BDA848819E8B754BAF8EFD726876CE620F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.kibriswebtasarimi.com
Sending IP: 176.9.21.149
From: kavita_d@hindustancopper.com
Subject: CLARRIFICATION RFQ 13970 DT.02 / 03/2020 DUE DT.17 / 05/2020
Attachment: RFQ 13970 DT_PDF.gz (contains "RFQ 13970 DT_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Urei4JInQ56o9z6smockmfFiiFZYlAgC

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
XpertRAT
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6591/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 17:36:08 UTC
AV detection:
9 of 31 (29.03%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mrmof3kvtmecdsvvejxjewbjmb462oo3og6ygmgl4m65aqbcvp6a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d4cf3aea3811e50188b9420eae68de18006627f4dd86719459d99ad41d49291
GuLoader
27d591d9f4f1c5c4f3f6ae8f975b1a0ed7d2ffb5277348e59cd32ef5c57e6168
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
854cd8ed0a2fb46f52cf610b77191562496c88eafa088cd2980d9c21bc3e8aa1
GuLoader
a618654d80abab200243945d1fb26204acb5bcc6e145656b8fb7152d8ab6a52e
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
e0a55cba6885e046f0eb064179877af39b10f3d8cc74b8c697ea7c8cda6ab739
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 985 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w4hjsy2qqa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 9ffd577600d16c71f3620e606bd34728ba6ea6a3cb97322f882464d591b0c087

GuLoader

Executable exe 6458e2ed559b0821cab5226e9258296079ed39db71bd8330cbe33dd04022abfc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379639/
  
Dropped by
MD5 c980e4d5ced79e95b968d11aedd80b9e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9ffd577600d16c71f3620e606bd34728ba6ea6a3cb97322f882464d591b0c087
Cape
Cape
https://www.capesandbox.com/analysis/6591/

Comments