MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca
SHA3-384 hash: f4f3da3b8c2930ddd9f4d18dd29d83a0d247805e410694c3f9ebb7e16c1cbba32bdeb0c99a434878218626e211c833a1
SHA1 hash: c74129cc924cd6087dafcff3fb991b73ff21863e
MD5 hash: 2a94d0505ffd81ce815bf8c3d849137c
humanhash: ceiling-hot-wisconsin-vermont
File name:PO1.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-06-08 14:48:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1ba2677e2491b9eaa40596e9df58f36d (1 x GuLoader)
ssdeep 1536:HEuRtSGluPyccZriaJjjmwYUVe5KwZHFnBL:R56ycew7h
Threatray 5'100 similar samples on MalwareBazaar
TLSH AB839D177D28C102E00407B16CA3CE192A7B7D1A18417F4FB69ABE5FE9723527C7A22D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host22.dnns.net
Sending IP: 66.128.53.229
From: William<William@baileytradingcompany.com>
Subject: Looking for a supplier-purchase order for government contract.
Attachment: PO-1.rar (contains "PO1.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=14ZIhMTZKfonCqc67KcODDWG9bZunJ0jQ

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7077/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:50:08 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wge7joa6glbl4lbffvxwxilax6cwnktux2lefl2k6xr3ijf6ktfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
64379371f079edd1bb0d1a26a98e0a487c4e89a468f60674d803f929d24d3ecb
GuLoader
6f4b543bdd425e2cb35fcc06f79dfac486985ae0d84133c34e0fd01b3a2c22bb
GuLoader
8606768cb758ba8379659f65220250ebc1c491dabd668e7f98663571419cadf2
GuLoader
8c57c150d120c496a04aaad020b5458e8eff5f3fd69704a581360c785288c8d0
GuLoader
9b727d12d8d7a5568f0e1e4aa4d5e50365e7de1a213f672c68db74aae0f68246
GuLoader
a0c33533f61ee5c6065bf97a8e821512778417f2d51b205637af5324a68aa162
GuLoader
b43bca6dcc03b6c289b15fd6dde4bde2dee13d024f08b0ca47efefc9d9aa3d8c
GuLoader
bb7d7db00c98fc9b833c3da4a614e726380c6d0a8d5fe45e12ec4209ddf85806
GuLoader
ce6d1fc239eb571fde9427c0d7f11d7b6a7a1c0466711524b690ca0de3556a6b
GuLoader
+ 5'090 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-g3nn5j5wej/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 04b7bed5100ddc53fb29c99b5b31f0631e7d38a4d9202d98a791e7a2f914ab50

GuLoader

Executable exe b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383217/
  
Dropped by
MD5 7405e506c913e74058260fcb5a4bc7a1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 04b7bed5100ddc53fb29c99b5b31f0631e7d38a4d9202d98a791e7a2f914ab50
Cape
Cape
https://www.capesandbox.com/analysis/7077/

Comments