MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b7522299cd2c84ead4b4690ea73f79d4f62e68ee2326fcb4482e1272ea5d545. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b7522299cd2c84ead4b4690ea73f79d4f62e68ee2326fcb4482e1272ea5d545
SHA3-384 hash: 75fb358356eae9336ced0c70513c9782a9f733724ce53894fd2b935a18cd0380a0e0d46cd4d4143a72904563caab8a59
SHA1 hash: 1f49a5a3fc1f4e3f2f7660e92b54a6a596217d12
MD5 hash: d1cf6be5b770faf8a1acfd3d33ab066c
humanhash: texas-seventeen-delaware-bulldog
File name:PI DC00027052020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:32:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2deeb1041f5fed46c2c3e0cb8a74e6a4 (1 x GuLoader)
ssdeep 1536:UlGyx1AYvMVd4ZEH7cDuOspR6yVxopD5DU5m6N+iE5kepl:apx1ywy7wuOiAsmpRCykeD
Threatray 779 similar samples on MalwareBazaar
TLSH 9EB33B1379C89C62DD048AB00C52DABA3CABED307C914F0FBA46B75D79326D529F075A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: Sales Coordinator <mary.jane@rnz-group.com>
Reply-To: mary.jane@rnz-group.com
Subject: RE: RE: SIGNED/STAMPED CONTRACT AND PI
Attachment: PI DC00027052020.zip (contains "PI DC00027052020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1b72IjEYoZGv64zXXHuWZZWskPFtIy4tM

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5063/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 09:40:00 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
9b330bb1491b230182ada7cd439a91edbf552bae7494a2ce6ebf55726660b086
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 769 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ekp2xxjb8n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 27d17fe9a5e70ed6ddd161b97f2cfa5fdbb5893d00f46cd097d21249c03c7295

GuLoader

Executable exe 6b7522299cd2c84ead4b4690ea73f79d4f62e68ee2326fcb4482e1272ea5d545

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369967/
  
Dropped by
MD5 d5fa66c1cfd60e53470ce9a2ce62c18f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 27d17fe9a5e70ed6ddd161b97f2cfa5fdbb5893d00f46cd097d21249c03c7295
Cape
Cape
https://www.capesandbox.com/analysis/5063/

Comments