MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d90dd1c7420b9b1300ffc653c2465fa6c602f664b2cd0fdf1644a5cdef4954a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d90dd1c7420b9b1300ffc653c2465fa6c602f664b2cd0fdf1644a5cdef4954a
SHA3-384 hash: ac1d0ee45ed903cdb32bc2c8ef2085d2958a4b59469056372ee18869a1d87b2067989fbe64b929a011fd08805b2e4d09
SHA1 hash: c7d6832976a2fde1fc4989777b2b9129fecbfd55
MD5 hash: 04982e327cd2f72bdd31efb1bb7a2b63
humanhash: kentucky-carolina-avocado-lamp
File name:RFQ 13970 DTgz.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-04 15:51:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e9d5b8704eeef38b56c960618832c997 (1 x GuLoader)
ssdeep 3072:mYfEcuDynpiUvfumjHotk3PV55hkXuLhuoPF2:LscuDIiU9jIS3PV6I0aF
Threatray 778 similar samples on MalwareBazaar
TLSH 14C38C076D4DC783E00006F13C239E6D3A67AB1C9D819E6F215A9ECF9D752416CEA61F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.kibriswebtasarimi.com
Sending IP: 176.9.21.149
From: kavita_d@hindustancopper.com
Subject: CLARRIFICATION RFQ 13970 DT.02 / 03/2020 DUE DT.17 / 05/2020
Attachment: RFQ 13970 DTgz.gz (contains "RFQ 13970 DTgz.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1EI_VBo7HIIA8DaxPyBp0jfZRNgUIIu4l

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6557/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:36:39 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pwin2hduec43cmap7rstyjdf7jwgal3gjmwnb7prmrffzxxusvfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2
GuLoader
1c3b6c661cd142c98ccc346a878878141b33361c7db6176c5bedfea72e1a59e3
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
GuLoader
59d9634fa16ad7953b87ab1db74f9ce2ec17957c046fd620be82a6fadb17f9e1
GuLoader
79afc9b39ba7fe7dd6ed282d39eb915bb47271d552177f62c6606b99901f9cd2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
baa64a07d699b89e8715fe38010305c8b42fcb15384550d7cb56f44a71894490
GuLoader
d92edeb61ad7636386c2b3f47a4bb95ca27489b4806a7088bf3c012b7619a5b1
GuLoader
+ 768 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bpeaqywg2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz cf504ac4e9f71adab18c28a7874ba101aeaae121dd86f73a8ea8519951ffd05f

GuLoader

Executable exe 7d90dd1c7420b9b1300ffc653c2465fa6c602f664b2cd0fdf1644a5cdef4954a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379343/
  
Dropped by
MD5 ea3d77ab5ab61b3ef98eb9c6acec392d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cf504ac4e9f71adab18c28a7874ba101aeaae121dd86f73a8ea8519951ffd05f
Cape
Cape
https://www.capesandbox.com/analysis/6557/

Comments