MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77ca94fab37626c559f533cfa3588472cd3578c3f334b4377e98e5b53cdf5782. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77ca94fab37626c559f533cfa3588472cd3578c3f334b4377e98e5b53cdf5782
SHA3-384 hash: c16ac8fc99f4b2918d4d83e0c900b7ca817443fefea14c41dcf23a75d29517f3958a7e73e20a964182266e82ef8c7681
SHA1 hash: fad63937fabb482f8a07c8136599937efa1a74ab
MD5 hash: 814e77e942b8c786a259c95ac185d9cd
humanhash: william-high-april-magnesium
File name:Payment_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:40:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a95d3098d7e6641c9b692b70201147bc (1 x GuLoader)
ssdeep 768:byGqu1aL3mNtlrHBOj9WG1gNA4OQkdd2k0cAZTHi6JmVOABAF0rWGQS9sjpfpXDY:bCuRtSp7ulVkdJAZriaAis9EpfZe
Threatray 945 similar samples on MalwareBazaar
TLSH E9739D17A904C653E0084A702C979FB85B267C7C4D81BE4F659DBF0FE4757922DAE238
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.dtpia.jp
Sending IP: 211.206.227.222
From: William Ko<william.ko@schneider-electric.com>
Reply-To: <william.ko@schneider-electric.com>
Subject: bank details and payment
Attachment: Payment.rar (contains "Payment_pdf.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/gld_BJLCSDOEDs225.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7251/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 03:13:22 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o7fjj6vtoytmkwpvgph2gweeolgtk6gd6m2lin36tds3kpg7k6ba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
080a382d362b7bc36365a369f6ff5755a38641e021fce3225eeda8e10e54964f
GuLoader
34c9285a6b094968258fffe94cb3339c1715cbc6b8db1d309f7075eb0afda2d0
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667
GuLoader
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
GuLoader
8d73f17a44953ad8b611e21a6b661c0f39255a88f1a567640110ed8a364ee2ee
GuLoader
96bba127b43b518ff8714242dee393e5aa7aabff75a6df80cf45d9da1dbbdc94
GuLoader
aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7
GuLoader
d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558
GuLoader
+ 935 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1mnateb4yn/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c47b944504f3caa3eaf4437050e337af637eabba788fc961635a41f5e6a1dd6e

GuLoader

Executable exe 77ca94fab37626c559f533cfa3588472cd3578c3f334b4377e98e5b53cdf5782

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/373165/
  
Dropped by
MD5 86781a7f761ce12ac40c1b42d686d768
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7251/
  
Dropped by
SHA256 c47b944504f3caa3eaf4437050e337af637eabba788fc961635a41f5e6a1dd6e

Comments