MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8299fb84b56afeccbd7542f9c33d66fc40f5ab48fe5076479dd66c24f5d19fa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8299fb84b56afeccbd7542f9c33d66fc40f5ab48fe5076479dd66c24f5d19fa0
SHA3-384 hash: f2ff852315f8a20ad9115bf8e797944e6642ac0ab075888c6bae8528203c0551172e836b6791594c8f3572af713f1d31
SHA1 hash: 2512b9d60cdb332e8d5b1927a1b6b50ea9546967
MD5 hash: 727a47853e64b4224a0b0ba09c22cb32
humanhash: michigan-blossom-sixteen-blue
File name:Nueva orden.PDF.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-13 16:54:05 UTC
Last seen:2020-05-13 18:22:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cc64667d5d701d4d188b724b2e17ce4a (1 x GuLoader)
ssdeep 768:H25jDOxOa5iUpTpg/O2gIt2toUmHipmDUGetCsU38cI11XmBWQOEsh:W5wOvw8gItqroip7IePOBWLj
Threatray 189 similar samples on MalwareBazaar
TLSH A5934807B2F2ED62DA004AB21E51C6D4101FBC345C264907BDE63A7D7A3A657DBE132B
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.viteltek.com
Sending IP: 104.237.144.27
From: "alejandro.alvarez" <colosio_her@camposreyeros.com>
Subject: RE: Nueva orden de consulta
Attachment: Nuevo orden.img (contains "Nueva orden.PDF.bat")

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.18712.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 17:36:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qkm7xbfvnl7mzplvil44gplg7raplk2i7zihmr452zwcj5ort6qa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0353a90102276045a708f151d0d4c6e1e3008e0de89b33ffc1329d0034932e28
GuLoader
8a6358426543c2a66c3bb116cf5a8cdefa04ba41463c4c05363bb03521f860ee
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b18dc8d2a804cc717ed7e737b3980f4e236fe9f81521ca815bd7161b0fd3db5c
GuLoader
ba7a2f7a10ab469e949866d67876704a9c8164c41e29915c46ef374369f7760b
GuLoader
be4c2083b065f457197a64c7192cc7f679a53e53737de2f64c41403170434faf
GuLoader
c90c7a5567f9db6866c7028e6dd1da3bbc962c42e5fe17f393fd3aae6c7d63d5
GuLoader
da40229062dc045460d3adcd70e42d15378ec4a83fd93738b30a59f5fab8da10
GuLoader
dad750195d0fc6695caaeda6ae16fe7131fab602fbc0b412e8a14703e0664788
GuLoader
fcbcbc48c784b9238ca42b16ce377ad3b3dd9db06cdf7460ce9e6db2debc3d60
GuLoader
+ 179 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hz4b46ac9e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 159aeeef6a95ef162e4330753ac0b582d7b97c6183b082f3dd393923f2331256

GuLoader

Executable exe 8299fb84b56afeccbd7542f9c33d66fc40f5ab48fe5076479dd66c24f5d19fa0

(this sample)

  
Dropped by
MD5 00ba8e2307b14df5699df924baef3548
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 159aeeef6a95ef162e4330753ac0b582d7b97c6183b082f3dd393923f2331256

Comments