MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8
SHA3-384 hash:	5196dc5375975801942c391e8d9660bbb8803d8be2465a851cae5b1044c0c04280466bd55ad37ab9d2d98c349c159633
SHA1 hash:	2c150fe7bdf5a9f59e910a1c531f723fdd29fb8e
MD5 hash:	04945438123f51fda1aecf05e2597b68
humanhash:	carolina-venus-comet-violet
File name:	Product Inquiry.bat
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2020-05-18 14:02:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	31a5a1336ba64e754ecbc8a74c608685 (1 x GuLoader)
ssdeep	1536:GfkVd8EeXc45aF8viwbZB9Q1KukFzVNFx7Rgmu264oYOf:3j8EeXc4yVKui9yf
Threatray	1'286 similar samples on MalwareBazaar
TLSH	7DA3835073A8FA27C8658EF70711AAE601F85CB5981076136BC77AEF1639C76E27031B
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

92

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-05-18 14:35:46 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

23 of 31 (74.19%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pgrcicrfvybvzd5toklu4zb7e5qjtwdbddibro3aknlrzq6qntua._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f

20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5

37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032

3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61

52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b

8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957

965c87a812db18af2045b34e0aea89f39827d81b6d11a648fe96a6b1a3fba659

cb530981e6d92b89bc5346c11b478a5fb329eae8d8bb4609ee00f64747b993ff

d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c

e8dda9e99f125c3ecf5c3ae873ac202105208fd0aafbdcec927005343f02f71d

+ 1'276 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-smbgc89y6x/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip a803b1e1ce53a82ff53daa293131a7544208f5d308457a968013e4e6fcd841e2

exe 79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8

(this sample)

Dropped by

MD5 bfa9b2f397cebea97777642ca25aa69e

Dropped by

SHA256 a803b1e1ce53a82ff53daa293131a7544208f5d308457a968013e4e6fcd841e2

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample