MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
SHA3-384 hash: 3555a8a7c33f6a3515eca1997bd9b3022d920e90e952daf8e3884b866b4ff8dc37dc7817cacb8987d0aaa55cf388d279
SHA1 hash: 04f8151dbf4cb6349165e82e6afff9f95257e4c9
MD5 hash: 65068b72584b7856e0b270b92a597996
humanhash: whiskey-edward-king-fillet
File name:65068b72584b7856e0b270b92a597996.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-09 09:03:39 UTC
Last seen:2020-06-09 09:46:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d3230c3f23c15d301b2ee0cc17b5134 (1 x GuLoader)
ssdeep 1536:R0uRtSjlZSUJNtsUZria2yjRd52iKBwUl1l:/AsUHt9RdIV
Threatray 1'844 similar samples on MalwareBazaar
TLSH 3A839E077558C506F15806702CE3AEF52B26BC285A416F4F2199BF1FE8F17926CAA32D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://onedrive.live.com/download?cid=F191CCC6E999117D&resid=F191CCC6E999117D%21302&authkey=AC4hd4wVikecTh4

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
NanoCore
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7279/
Detection(s):
SecuriteInfo.com.Variant.Razy.682353.7063.1905.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 09:05:04 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uvyfsk7vuiob6vlrf7hmmcqfg37nvpriwqe5tjep3rezdbpbkt7q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0661a441ae0af8542687aeb35aa00942b5b2bd1543c35574c0f4cb4592ed4c36
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
3939a9494bb1636232937e57243c7c362fc9c08a0f9944509b60cde9943993e9
GuLoader
4888f20f69768fe2eceaab071e1866782db2076b0321e28b72cdf454d6385c35
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
GuLoader
c8ea056cb229cc17d43217a6aba42320468cfaea55d6f9846b5f402bab6b06d0
GuLoader
cf02bb3aa058cc571d6c3368f98a96fefa3db05a813ea479d002edc1c3cbdb95
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
+ 1'834 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x6dylhcqqx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/384501/
Cape
Cape
https://www.capesandbox.com/analysis/7279/

Comments