MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
SHA3-384 hash:	473f61b04edef7beefcd25ba2fd207f758cfbb6ab374151d6a7ffb6fe85d846d9e96cd07905d5b302692db1e8daf87ad
SHA1 hash:	537ca33f9399c6196ea38e4e6e3e8e9695ac5d20
MD5 hash:	be5b3246523f49207c34223d5207a35c
humanhash:	pip-thirteen-one-stairway
File name:	MV RUKIA V.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	114'688 bytes
First seen:	2020-06-04 06:01:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	06fd5194f55c94ff0ed2cd9a680d9978 (1 x GuLoader)
ssdeep	1536:MFSPfxV40ctfag1kgrKHxLdGKc+o0FDHdZ1gI1q5RHl6mMlcixIX4M:/PXILKVdhjFD9zZk5r8M
Threatray	2'544 similar samples on MalwareBazaar
TLSH	B3B37C03EC898613D1848BBC3D538D793A1CB91D49056FDF717A6E9BAE316822C9B11F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: abidjiaintl.ml
Sending IP: 45.137.22.55
From: Raffles Shipping International Pte Ltd (Singapore) <procure@abidjiaintl.ml>
Subject: MV RUKIA V - DISPORT AGENCY NOMINATION
Attachment: MV RUKIA V.zip (contains "MV RUKIA V.exe")

GuLoader payload URL:
https://cor.sehablae.com/mnaa.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

68

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Loki

Link:

https://www.capesandbox.com/analysis/6444/

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/367250

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-06-04 01:32:00 UTC

AV detection:

18 of 31 (58.06%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wztprjqfurpn5p22hgagoxiaxbbuhknty6tnad5zbq37ic2vvrlq._file

Verdict:

malicious

Label(s):

lokipasswordstealer(pws)

guloader

Similar samples:

0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b

136951ab2919602366049b534cc5159e1d6da7bc46a9131ce292dcefaf05c449

2c1642f94762a15404bbc286403d839f6ceba0659179aa227232af98d2b49d6d

439b4bf202d997d215433860e0b2e2ccf9a53dde53f3c4a0482450d4550c4edf

a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14

ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439

ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49

b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94

c1f40574d76ccbf75a61e6bbd123b59d1c384cd2c8d435cbbb2bc54211615e3d

f96524898a01e5bad30e3d007cd96ba787a25419141210042df0bff2afab6a02

+ 2'534 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-h28bskntwa/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 4489fba76a0635c549a7e1b2a4914eea771c6b1ec271c77471fdaff0d14c0c12

exe b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/378995/

Dropped by

MD5 85c813e034b74a5bd59901b77e20272d

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 4489fba76a0635c549a7e1b2a4914eea771c6b1ec271c77471fdaff0d14c0c12

Cape

Cape

https://www.capesandbox.com/analysis/6444/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample