MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a
SHA3-384 hash: 69e9fc9ab937fd994d4ed1ea88f3a47b1f7ac5bad7c886ec7a2f4d813f66a4551d0d95397f9433da38210836f49890d8
SHA1 hash: 381142843f75741926a2d0063e66267c79a12c8a
MD5 hash: afc721cf98c80b998f8dd610726e4438
humanhash: blossom-sodium-twelve-jupiter
File name:glaiv.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:20:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a3950ffe375e513b9b7b6602b93f57b4 (3 x GuLoader)
ssdeep 768:zGo2BqPNbZjhR4Z27x/DiOq4e6LH1SkiyeHqEPiQ+a+9k4pUufHq:zrhjR4mDu8IymPidk47i
Threatray 5'113 similar samples on MalwareBazaar
TLSH BB934952B2D0D522D6268EF09B65A7F80466BCB46912CD4339D27F1D2A3BE13F93131B
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm41.hanmail.net
Sending IP: 203.133.180.229
From: 박제홍 <b2w1030@daum.net>
Subject: VJ013 삼우테크\x0a 삼우테크 제작사양서
Attachment: PO_VJ013-P-RFP-C-6-10411.IMG (contains "glaiv.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.1986.4856.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 12:39:57 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=so7avu6r5uk4uhzgdjncd3lrbgf4fglspouoc4svmewufhn5t6fa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
GuLoader
3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
GuLoader
3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
6bb00f89a53da0f161e6f2872b315221fdabc16975afedb7364685263487bd1c
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'103 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-73mvaxx67a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ab9f6100a26a3a347e003a5078e10727

GuLoader

Executable exe 93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a

(this sample)

  
Dropped by
MD5 ab9f6100a26a3a347e003a5078e10727
  
Delivery method
Distributed via e-mail attachment

Comments