MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea
SHA3-384 hash: 8cbcc9126f08c54c60797a966cdd9164f3b595b8bff905d3140ba4fc322d96770853b490e613b5f3a9b54733bb6965c4
SHA1 hash: 380b3d50d96c7d70692b7751d9b78b546f13b16e
MD5 hash: 4d3fafd000907d91d2b6bf0126885aa8
humanhash: green-blossom-mockingbird-sad
File name:PO_2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:155'648 bytes
First seen:2020-05-12 15:49:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b35627f96cbbce4aefff6226001c41f6 (1 x GuLoader)
ssdeep 768:vCkCXPBhSBGkKN9YlP215pNveFE9HNUhEeei+Eugf0pzmX1dHX5hWGt8CRy8lsm:v+6cNMPw5pNveFEshZ+hk195YGtRfd
Threatray 704 similar samples on MalwareBazaar
TLSH 19E3328CFBE68417EE11893AC66B7D040E3B6DB1195E41CF21F274028B73BA45E51ABD
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.farolexshippings.com
Sending IP: 185.70.107.220
From: info<michael@icogens.com>
Subject: Purchase Order 2004118
Attachment: PO_2020.img (contains "PO_2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:47:00 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qgtfrfy6pkpulqrdo5k5nyosghzsbup235zvnet766bk4l7sfxva._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0daa29b9c74872bfe69ee54537140e75c43b9227c45d6d202df200d6f3ebeccd
GuLoader
284f5d7c77eab431e6dd8bdd9e508bbd1e2e3dc467b40f68b834b1a437061061
GuLoader
46c1e795439ea1890c5617fb2234cff51ce6785e5b07b2acfc89ddeb86e34a39
GuLoader
737539c5bc7f7aebd3a226f4342a23435bfe14a41dfa0a603698804157c28270
GuLoader
a9892834c6f030fd7a292b213a39270e2fc991b6c9287fff73b540dd2b36e290
GuLoader
cf02bb3aa058cc571d6c3368f98a96fefa3db05a813ea479d002edc1c3cbdb95
GuLoader
e2784c7f18addfe3cf107b35eae017eb8d02025fec8bc9d235a7ba598fcd9b62
GuLoader
f0b010d2806270e9a60da3658f2d033deed57a55ad883e7ab179c243bd5371be
GuLoader
fa085719a6b5701dff065332e4fa698b8961acc2883e611576c178cf370eb5d7
GuLoader
fd2f15ef992f18f206d53d8d162ae4385f283e433bc038e1e61fb81686f2b4de
GuLoader
+ 694 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fzlwhgagn6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d88228b77244addfe526314be6e1506247b217b3411d3e9700e1566cb95eb103

GuLoader

Executable exe 81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea

(this sample)

  
Dropped by
MD5 0b8f90154b84d0901318d8cc034171c7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d88228b77244addfe526314be6e1506247b217b3411d3e9700e1566cb95eb103

Comments