MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e
SHA3-384 hash: a0f6282707cbfe0bbab6f8afdc36777e0869923134b940669f3a1e97235f063345b81bbc9e5e24f8b207d0469ad01a39
SHA1 hash: 154940d26896025bb30c96b5c643d005a5ddf08f
MD5 hash: 4f40e5bf0a2128ea9966efcffd513046
humanhash: hawaii-queen-mango-ceiling
File name:PO4014.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 32da0f528f4c16e934d9884cd531e2cc (1 x GuLoader)
ssdeep 1536:vSPfxV40om76bXLkgrKHxLdGKc+o0FDHdZ1gIVmZMUEVRYUgbvdelY:aPX97+KVdhjFD9z70UeYW
Threatray 1'063 similar samples on MalwareBazaar
TLSH 00B37D07EE4A8513C1988FFD2D139D797B1DA84A0D001FEF61796D9BAD316432CAF21A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail925.hm1479.locaweb.com.br
Sending IP: 177.153.9.25
From: HerwinServices <info@herwinservices.com>
Subject: Samples Information
Attachment: PO4014.zip (contains "PO4014.exe")

GuLoader payload URL:
http://thugesh.cf/cgi/KWA40.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6467/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 01:26:00 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p52vgsxv5ge53gnaeit7kvox7w2lk44wwlvy7mbow4lchocxhfpa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
2a1dd64638dac970b58a8dc939415fcc2a4532211295f1c72370df4df91447e1
GuLoader
62b0ea0e75b51f073364b7e5f82919866ecb9040e8ca78e147bf3fa24fefca5a
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7c993072655d3846fd0fa15c1370d2e784eddc45a0204e281e8b05dfceda6ece
GuLoader
8cf30db30a532af1eda7d1107cd54bad004d85daacd73bf86cb440dc3e87e78a
GuLoader
b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
ecedf83d0be321652070a9a1cace3f1dd67d3c22e39bee061ccc6d1a7fead636
GuLoader
+ 1'053 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4z4rk5lbgx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 799728fafc81d892400d71f5c94800877be1ce039649779cc2fdada89861cf39

GuLoader

Executable exe 7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378968/
  
Dropped by
MD5 e72ce5397642b9bb0125110e41c15ac6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 799728fafc81d892400d71f5c94800877be1ce039649779cc2fdada89861cf39
Cape
Cape
https://www.capesandbox.com/analysis/6467/

Comments