MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99d07b0682434235023da65216efdcc624d66c436e80745614315d4c68e8735f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99d07b0682434235023da65216efdcc624d66c436e80745614315d4c68e8735f
SHA3-384 hash: 92824e9b63a31728cad98a5c43aa0e8105bae89200b77bd504f55ce2a20a11887e63845451fb34abfa5a48cf1f65f069
SHA1 hash: f2a73aa2a405f535c0b0b0673e6a61d14706d9b4
MD5 hash: 3108b020aab9b61ec38fd09a3d7ced0c
humanhash: mango-cola-bakerloo-neptune
File name:PO_5892 JANGUANG.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:49:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 531d39a010556645103d2c7bcd28d36b (1 x GuLoader)
ssdeep 768:bVI0GMjJvbviBzKfGtXm44/bMDrmfnWplStAVJLNqBJOcD3eM263kqZ3O6wMTaYv:bV9G0XQRqvnW/hLWO23eM263k6
Threatray 1'088 similar samples on MalwareBazaar
TLSH B2534B1B6D089643D13087B12A32D6A62719BC2A55067F4B3E4C7F6DEF316C27DE321A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Chan Janguang <chan.janguang@yuntong-batt.co>
Subject: RE: PURCHASE ORDER
Attachment: PO_5892 JANGUANG.rar (contains "PO_5892 JANGUANG.exe")

GuLoader payload URL:
http://111.90.146.31/bin_qMtYfGnUR133.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7461/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 06:51:06 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=thihwbucinbdkar5uzjbn364yysnm3cdn2ahivqugfouy2hionpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0494c6b3493335509d5fdce6d9592d796e592fee648f42dded58ddc29e3565a1
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 1'078 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6eqdlklet6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 4bd4cff6445a1cb150251dffb7e0bc0846753cd820026a41eef9c47a6ac05c74

GuLoader

Executable exe 99d07b0682434235023da65216efdcc624d66c436e80745614315d4c68e8735f

(this sample)

  
Dropped by
MD5 10f81991063bd1cbda143f512cf11d42
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4bd4cff6445a1cb150251dffb7e0bc0846753cd820026a41eef9c47a6ac05c74
Cape
Cape
https://www.capesandbox.com/analysis/7461/

Comments