MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
SHA3-384 hash: 92936d58d87f6abf0bcdde7581f6f36c468bba632feb1e4c9f86cd0079be1be9c3c74bce3b1125c48aefe1554a9a50a6
SHA1 hash: 5b6aa5c41efd87abef7e965ecdfb0b93cde0eb61
MD5 hash: 65c6d6cad74a069aa47b8b44b2d80091
humanhash: oscar-black-nine-pennsylvania
File name:Inv-PO021249.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-06-08 14:49:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 34768851b3e61a79b1db8839e285d24f (1 x GuLoader)
ssdeep 1536:buRtSpQSwnneqZria0WKLy1EJuVNUcSDBsW:yyVeeiUXSW
Threatray 840 similar samples on MalwareBazaar
TLSH 9F937C377E48C102F20506F12CA2A955167BBC265880AECF12857D8FB8F275E7966F1F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp125.iad3b.emailsrvr.com
Sending IP: 146.20.161.125
From: Suzanne <support@lecuy.org>
Subject: Invoice PO021249
Attachment: Inv-PO021249.img (contains "Inv-PO021249.exe")

GuLoader payload URL:
http://www.filefactory.com/file/6zg94cfexkq1/tekashi_zYfAEyH47.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
NanoCore
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7082/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:51:06 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pxe5iiak3jgxlzinprhnq3xpsurtjzf3nhnaizase2bopl7y3fyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c69b80c225b95161ab357d6a35bf54846167a38bea69de84371c283ffcd0a8c
GuLoader
2ffbb987622b48ac9e1b3a53291f9af5a3949ba14019d43756a8219f66af0a86
GuLoader
88dfd10d3d3b459c8284f0c64b88786c5770eb2b75436be9951ad1117c1b6a0f
GuLoader
996d663495ef1d96ee9fca68c07a4173910824b4956214edd0af1c53501608d7
GuLoader
b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca
GuLoader
ddee93284ea3d58e46a5814cdac4b3314d542acad7ef9eef0ee29257639cfa07
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
fa8949da882bd317bc4b975dac2514553258a79a3ec0e7bb2e029f61e131ed66
GuLoader
fc69637262c3ccd722552ece430c078195f3999934cccabdb2fcf0a6e2fe9446
GuLoader
fde85b3d5e4784dcef4c245c1db1ee0bb5d496fe4de8548594f569964715d515
GuLoader
+ 830 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tlyqwl1dsj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 9e28c66bf87ac2f3546bf1a082c03a7a828fde35e243f848735c19615846e754

GuLoader

Executable exe 7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383232/
  
Dropped by
MD5 36e33116c1896437f17586dd8e85e59f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9e28c66bf87ac2f3546bf1a082c03a7a828fde35e243f848735c19615846e754
Cape
Cape
https://www.capesandbox.com/analysis/7082/

Comments