MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d192f66f0fbf8a2f9311a12b5905ce6a19ecd28e7c483ccfedaf0b5b153c0eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d192f66f0fbf8a2f9311a12b5905ce6a19ecd28e7c483ccfedaf0b5b153c0eb
SHA3-384 hash: c56ec44ba57e773e6b1d6b943789f045b507a96413da55709046d809e8a989c5b2b665e9c56582db7f5947a77d23e707
SHA1 hash: 315b44ec5b63b4acf996a4bcf5736f1524c4adbf
MD5 hash: 3247dab1004ddc6d6ef3123f5696faaf
humanhash: juliet-hotel-queen-oscar
File name:RAPPESSERR.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 08:56:09 UTC
Last seen:2020-05-26 15:39:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5df7ddc5b7fde0e3fc02dc1b9a2fbf4d (1 x GuLoader)
ssdeep 1536:YIRVt94GrvV0LhTFH6LSD/Wo3LYpjb+G0e8GTLbV:YIRX9br4TFaGjqXLZ
Threatray 319 similar samples on MalwareBazaar
TLSH DFC31723B1D85C81D8190EB14C9BAEA72D3AFD3175150B0B374EF65C27321EA7AB570A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hal-lndia.co.in
Sending IP: 79.124.8.209
From: Novak Andrey<sales@hal-lndia.co.in>
Subject: Request For Quotation
Attachment: Profile order3875.zip (contains "RAPPESSERR.exe")

GuLoader payload URL:
https://mncarteam.com/wp-includes/osanew_iULUvTR156.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5654/
Detection(s):
Win.Malware.Agent-7900604-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:36:59 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d4bd4bcfe5f31f317eabc6780b91c1499f4dfc22025cfa6eeec3bc188207dc3
GuLoader
242048a88fe7eb08cbd3de9cd13d0dad6f532bd8f85fdd8dcee59d7289f6c9ab
GuLoader
2a4737c791956f7c020af62490a855297096797a632a39e493ddf19365916456
GuLoader
4dce60ed857ab264ba4db32dfa8a3f4b3e6cc1d94cb2cb48bd33a98f9bf9f692
GuLoader
70399b135fa0365dae66a01b072dd8614be73c7ff2b4cc51caeeef64dfc60ef5
GuLoader
7cbc380c05ce0b8e7ff6c94ee11ac6aec99adfb14e530f43d895af660588e984
GuLoader
84f409f8aee0cf253fba68ae4027348449045f7bfb8723ac8fe0336c21c0b0f6
GuLoader
9848da60b74c19523583a237900008a3fcb268a9a4000c352f944f7d9f0d78e3
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
fdee0aef0be932935554b59899df6f51b2caea4d730ca1179158c15f62a9ccf4
GuLoader
+ 309 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zt7l6cr8y6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 9f3083e1697b2ffd7c56550f89ab6b98a7de6e12925db3e53ac2bad4b73639be

GuLoader

Executable exe 6d192f66f0fbf8a2f9311a12b5905ce6a19ecd28e7c483ccfedaf0b5b153c0eb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368720/
  
Dropped by
MD5 4b0ca0010586ff35bfc8f2dcb0629036
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9f3083e1697b2ffd7c56550f89ab6b98a7de6e12925db3e53ac2bad4b73639be
Cape
Cape
https://www.capesandbox.com/analysis/5654/

Comments