MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2
SHA3-384 hash: 0825333a2e2f49bdf96f6d70f64e37e82f60cfbb1ec5d3251a9cdceb7600c9856cbec95e7973f05efd18c3e970bb4c1f
SHA1 hash: c4cc37b801cb590ccb375b776699e8d03b81a5eb
MD5 hash: 9a9b66da4acb05940c802faff5122a96
humanhash: jig-hamper-one-happy
File name:YQUANZHOU CO. LTD_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 05:14:50 UTC
Last seen:2020-05-12 05:53:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 59100e7ec0411ad29f954f0e2f548d31 (1 x GuLoader)
ssdeep 768:P23Jy5F5baegjjwzxRqm4EJsiDFNHJDvWWpza+hM4e8c/7DJ:8wNeeftlyCFXvWknM4IJ
Threatray 86 similar samples on MalwareBazaar
TLSH 0F936D06B1D4E567E60589B22BAAA7EC4157FD703E21C90336C27F6E6333752E92031B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FTA9A9B66DA4ACB.4988.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 22:21:18 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=taborz7ijupuktlsx2pzg6t22wjdbxsidh4uknohegn4gr6fq7ra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab
GuLoader
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea
GuLoader
8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
GuLoader
9cbe5097d40713390439b736ac90f7ac008db11188a9b8d0ad40fec39d5cff12
GuLoader
d0d1cd4e935867d366c2e0e4b213c45919a6edbc4536eeb1637fa7eeda975a43
GuLoader
d98c94265a32705781c3702b0c93298fe71325cc0d3b8ee5b59a469b412e5263
GuLoader
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
GuLoader
f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc
GuLoader
+ 76 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fgcajkrb12/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip b81e00de742cceea1365ed22bb38ed69d9abc2d1be084e36c0f4e4fa7d152c63

GuLoader

Executable exe 9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2

(this sample)

  
Dropped by
MD5 655d40f56d44c6f1e1d83f9cbd5628a0
  
Dropped by
SHA256 b81e00de742cceea1365ed22bb38ed69d9abc2d1be084e36c0f4e4fa7d152c63
  
Delivery method
Distributed via e-mail attachment

Comments