MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
SHA3-384 hash: 94aeb74307d2cb2f59494ef273e00f44b0a815572b2f0f8af5ca218ce06b1a551ce8f6e910028ba7b4022c796bdadab3
SHA1 hash: f42cb4d0b68191a1b1fa91c0d51df30524f3873b
MD5 hash: 2a45a1584510256d4f4f838368433960
humanhash: helium-michigan-may-massachusetts
File name:PO #6202020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-05 13:40:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 33394a0ac3e96ec6599fc0e19df02306 (1 x GuLoader)
ssdeep 1536:ApXDrdLtwJT69XSjwDwvtwvpy9Jyx3QnL4P0:ANrdhSTyNE1upy9B7
Threatray 1'058 similar samples on MalwareBazaar
TLSH BC837B03BE5CC952D10545B62D13DAEA1A267D784842DE0B3548AF8FFD7279238E623F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: nsv40.dnshostmaster.net
Sending IP: 124.150.141.125
From: Paul <paul@urbangroup.com.my>
Reply-To: paul@urbangroup.com.my
Subject: PO.6202020
Attachment: PO 6202020.zip (contains "PO #6202020.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=EAD0E1196BD04320&resid=EAD0E1196BD04320%211219&authkey=AKgo75RMvr4khlc

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
NanoCore
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6700/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.50307.14971.28026.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 09:25:39 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oq5qxvt6mbhj42nm77giy7kw3auu3yq4cha2c3f65kkpqk3ol6sa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d4cf3aea3811e50188b9420eae68de18006627f4dd86719459d99ad41d49291
GuLoader
3142e31329c54946869e2c0595bf23492f58f776ab9d6123bf20d10b6cba5602
GuLoader
604cdf637c64c8862b506caa60d1a66b02f97127dc265c6943cadd126fc32f14
GuLoader
6458e2ed559b0821cab5226e9258296079ed39db71bd8330cbe33dd04022abfc
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
8eaac79108455d13b9ba6696108a2f5a734c02463b208a5d399d3a70ea792498
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 1'048 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-c4f13xm586/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 65b326a24a4e121ee31bb7f2c188f10a972a9c8e4998691afd7e426af0e53a87

GuLoader

Executable exe 743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379342/
  
Dropped by
MD5 0c385fcd87e55ad2777a6eee3fc6a8d8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6700/
  
Dropped by
SHA256 65b326a24a4e121ee31bb7f2c188f10a972a9c8e4998691afd7e426af0e53a87

Comments