MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d774b6ef4a21efee8a9116bfc18ab1a0a0609e058638a77566a29c9d98f7982. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	6d774b6ef4a21efee8a9116bfc18ab1a0a0609e058638a77566a29c9d98f7982
SHA3-384 hash:	3cc2928e22f13e1941bd65100b9a20c1e2e6dc34b5a994b84f404c3b57d9e0cea263b106c4a80d11622726e1479ed309
SHA1 hash:	a8da2a260d957adf923b9523fba459023ad62b34
MD5 hash:	21b43b8b954b3bbc3634e50c1234da43
humanhash:	michigan-jupiter-cat-kilo
File name:	gunzipped
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	86'016 bytes
First seen:	2020-05-12 16:07:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	18720b5a4e039cf00c466a86388f20cb (1 x GuLoader)
ssdeep	768:WIb/z4Wykc+Z/zJvpezY9iTb4PCMHS+Nst8bDIqnm0rg5:B/z4H0vvgOiTlMH3NMcDPxe
Threatray	62 similar samples on MalwareBazaar
TLSH	F4834CD6B098F276D6568DB31FB5D7A8422D7C300856C927B6C83B1E2A36A54F430737
Reporter	abuse_ch
Tags:	GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: host.sarmcol.com
Sending IP: 199.217.117.157
From: Sanjeev Raghubir <sanjeev@shoprite.co.za>
Reply-To: robles@ammeraalbeltechusa.info
Subject: Shoprite Order 1852293
Attachment: Shoprite Order 1852293.gz (contains "gunzipped")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.45878.4514.23431.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-05-12 10:40:41 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nv3uw3xuuipp52fjcfv7ygfldifamcpalbryu52wniu4twmppgba._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-snl6av25m6/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 45e3c54aac3961c6f79fe29c1d81b6e57e51aa9b479fdd070fa1e671c5251d85

GuLoader

exe 6d774b6ef4a21efee8a9116bfc18ab1a0a0609e058638a77566a29c9d98f7982

(this sample)

Dropped by

MD5 31d0e31ac28b40ada01011092043e8e8

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 45e3c54aac3961c6f79fe29c1d81b6e57e51aa9b479fdd070fa1e671c5251d85

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample