MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a47ef7ee964cc40c9058890fc7194db6937d37651957cc8662a3ba389f73f113. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a47ef7ee964cc40c9058890fc7194db6937d37651957cc8662a3ba389f73f113
SHA3-384 hash: 5648b61756bcf89de31ddd5788d86770a86e4df36ca7527b6aed5bbea8c1bae052f3bc6c5d1d975e4ef24b16d482d67b
SHA1 hash: 581e40be3ecc8b974f37ebba827ef7e6450609ee
MD5 hash: f25c6d43573270bef392054c43e8d390
humanhash: speaker-johnny-red-fourteen
File name:Detalles del pago.pdf.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-05 13:29:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c591f553b404fabfae9298b96a88a070 (1 x GuLoader)
ssdeep 1536:pQ+DrdLtwnQ7uXh4wDwvMdbc/ojncR8Vve7/Bdb:nrdhF7EEE9EojJmB9
Threatray 816 similar samples on MalwareBazaar
TLSH 12737C17BD1CD9D2D04446B53E13CDAD2F236D2C4842AE4B6608BF8FEC716D368A661E
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VMSPScK2rNubJ_KGvCwLb55RePxH41EP

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6678/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMGX.4536.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:33:08 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ur7pp3uwjtcazecyreh4ogknw2jx2n3fdfl4zbtcuo5drh3t6ejq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
27d591d9f4f1c5c4f3f6ae8f975b1a0ed7d2ffb5277348e59cd32ef5c57e6168
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
GuLoader
761e31eb72cc241c0b5bf6ae44cd9dcc41854f523127a6638ad332ff0b8dfb3a
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
dfe66d2e7938bed4e4452f82519a8b02d0ac89e74341a4abee8b2ec1c6a7ffb6
GuLoader
e0a55cba6885e046f0eb064179877af39b10f3d8cc74b8c697ea7c8cda6ab739
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 806 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rxyf4vxpzn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 405eb9f9561367739c1d474bd236237be43bc0565da744690a52dab80627ef3c

GuLoader

Executable exe a47ef7ee964cc40c9058890fc7194db6937d37651957cc8662a3ba389f73f113

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379642/
  
Dropped by
MD5 d91886316da90c5bef63e96de8539d06
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 405eb9f9561367739c1d474bd236237be43bc0565da744690a52dab80627ef3c
Cape
Cape
https://www.capesandbox.com/analysis/6678/

Comments