MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7
SHA3-384 hash: b66523fe7b125affe141b4283e823ab9146a714780bfcedb671a1b799a6637b05a3eda8d7008b2699fa4ec73dfea0d4a
SHA1 hash: b4437f89c274f239b83f07c90e9c987b394f8da6
MD5 hash: 028fb30aa94014c3a6cc3419644224f1
humanhash: moon-island-maine-orange
File name:kiasrogstodde.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:34:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b9e4a361c4c070e5fd2463c2537dc2ae (1 x GuLoader)
ssdeep 1536:baruRtSE4Q0huj5gZriaTfMqt0XtGe9c:J8WXqy79
Threatray 943 similar samples on MalwareBazaar
TLSH 01738F17A518C143E0110EB51CDB5E681B1B7C281A417F8B36DE7F5FFA727926CAA238
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 162-241-215-82.unifiedlayer.com
Sending IP: 162.241.215.82
From: Stacey Tsai <info@ombudsman.uz>
Subject: URGENT RFQ - FOR BDMC 2020 PROJECT REF :32ED121
Attachment: REQUEST FOR QUOTE.7z (contains "kiasrogstodde.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1WgplMQTTw7wq5eQeYLTVZ0_c7hs70CWe

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7242/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 00:17:38 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vkbgag3txfbeqdwdl5tf6ndisdrnfniwi24jw55dn37nlfrfe7lq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
080a382d362b7bc36365a369f6ff5755a38641e021fce3225eeda8e10e54964f
GuLoader
34c9285a6b094968258fffe94cb3339c1715cbc6b8db1d309f7075eb0afda2d0
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
5f0c0c43a813132bc787e581c5456b0bbd3f4bb1947691b9636eec6236861f5c
GuLoader
77ca94fab37626c559f533cfa3588472cd3578c3f334b4377e98e5b53cdf5782
GuLoader
888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667
GuLoader
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558
GuLoader
efecbafe7ddfe1306dac292dbd23be0caf62c5423a4c7a91086b0ca194a5e3ed
GuLoader
+ 933 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xnvvnrywm6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

7z caddf7e3a5005067d1c71554f12b28d343279b3cbbb534d9803b1554eb0f9d12

GuLoader

Executable exe aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384276/
  
Dropped by
MD5 bda76f0246211ae1f880a4147f3e1bd2
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 caddf7e3a5005067d1c71554f12b28d343279b3cbbb534d9803b1554eb0f9d12
Cape
Cape
https://www.capesandbox.com/analysis/7242/

Comments