MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f58301039be3f4696a431ebe72d76fce3df1e83d6ee1265bdcb27e0e45d63ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f58301039be3f4696a431ebe72d76fce3df1e83d6ee1265bdcb27e0e45d63ab
SHA3-384 hash: 947181fd04c565664ee4b1935ef012517667991cb1e1bfeca28baa2d71a3c5dfabb05beabf23f8f356754292d8b3089b
SHA1 hash: b32b6c42468629421110af6b56806828c087a856
MD5 hash: 25ccd215b5b8260df582d0afdf3204af
humanhash: wolfram-oscar-video-saturn
File name:Quotation.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:50:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a5f47a2a91d7a89069ff17ba8f8006f9 (1 x GuLoader)
ssdeep 768:burGMjJvbviBTrYRbEs4i5l+MMdE3uOBI8OM4RDh2Z//LaxfdMT6hA:bKG0DRbWi5qE3Olh2Z0fP
Threatray 1'300 similar samples on MalwareBazaar
TLSH 68535C0F6D08A993D02087F029B295D46729BC289505BF4B7F8C6F5DDA716C2BDD332A
Reporter abuse_ch
Tags:CHN exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.197
From: 溫迪 <pepsontoys4@pepsontoys.com>
Subject: 回覆: Revised Order
Attachment: PO0011326.img (contains "Quotation.exe")

GuLoader payload URL:
http://5.206.227.139/alimo_CHduEKK51.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7463/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:52:05 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5mdaebzxy7unfveghv6ollw7tr56hud23xbezn5zmt6bzc5movq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3631b6f02663cc48d6ca8a8396a168c0d0204326c8d3ff66b25e013c7e8d5f93
GuLoader
4f965aee8b694528d2d11d5a80eeee466959650ffcd12b5f0fc28d3a11709e27
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974
GuLoader
6c09ece0b9aad3203ecbbd39ece95dd2ec4caea7d0dd4259bc3b5e4158218dd9
GuLoader
8d73f17a44953ad8b611e21a6b661c0f39255a88f1a567640110ed8a364ee2ee
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
f8dec47c69d225551ae101236be38ea50944b01e14f64a8e5d4758c8e20ec6bb
GuLoader
+ 1'290 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jydelmdmk2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 42e5b85a55db978d3f5b2d752495683e7bb2eb84628aa811168af17f3a4da6e7

GuLoader

Executable exe 7f58301039be3f4696a431ebe72d76fce3df1e83d6ee1265bdcb27e0e45d63ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385264/
  
Dropped by
MD5 9198b80555cb9f48a14937de27ef9e09
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 42e5b85a55db978d3f5b2d752495683e7bb2eb84628aa811168af17f3a4da6e7
Cape
Cape
https://www.capesandbox.com/analysis/7463/

Comments