MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834
SHA3-384 hash: a2cabfcec049a0e4e4c099a7e3254a6e4c9b00fbe5dfa6f42938ccd8f798533d255df8f8468f3e0ea97b893f4b3fd66f
SHA1 hash: c5c1265efe051e9bcfb56419b7242f7af1f9eae7
MD5 hash: d8d47df591804e572ed1a97abd761e7a
humanhash: april-green-eight-yellow
File name:Pitfolddiapl.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:14:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f5ac698f48a45ce084344ecdb29b016d (8 x GuLoader)
ssdeep 1536:aa+HwqY+qzqqGGSmiibl/BnXeoBzVynMvt+w5X8mIobU:aaIwqY+W/hPV5GoQ
Threatray 158 similar samples on MalwareBazaar
TLSH 6BC32A23B9E86D52DC5C5FB20EB39DF72D157C20A9914F273285FB1D22321C27AA570A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.tancorp.id
Sending IP: 103.5.50.59
From: Marketing Voda <marketing@vodaindonesia.com>
Subject: Quotation.
Attachment: Quotation Doc.zip (contains "Pitfolddiapl.exe")

GuLoader payload URL:
https://mncarteam.com/wp-content/nigga_GUnqKgEGhP75.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5684/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 05:11:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09838078bc786269db65986e324234d647ff0154b07565e59bdf34f5f72d650d
GuLoader
1a9770a54fe5aa402d5016466244490b2edfacd3f2507714f016daa222fa953f
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
5f845094f591cc548f669c31a1cbd8466bfe37bdd890d12e535afd73242d58a7
GuLoader
8e01834fb94698ea94b41965f1847d283f14daaad211d567ee199b6b2caa0992
GuLoader
a1e8840b05e211a9aa314ac0d4359068094bd9016c77b43591bc543b37e7022d
GuLoader
c2fdcd6737639defbb98a8cb6d0799f59644599d77b0d8bb231a64dfba2a26db
GuLoader
c3242f5a544110304212594891c9f8bb0c2e61f29d904271a09f5b0f94437348
GuLoader
da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 148 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-99b62vpntx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a34a47ca00cb94c695b4794e9e96bcf37010bb019ee6fff7d4e1a5c8b6badf67

GuLoader

Executable exe bd7d25a9958f0455c03a169c21ecba511a0ce5a43d528f8c3fdce782e4b31834

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368724/
  
Dropped by
MD5 85bafa5b4834dfcc4044f1700408c365
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a34a47ca00cb94c695b4794e9e96bcf37010bb019ee6fff7d4e1a5c8b6badf67
Cape
Cape
https://www.capesandbox.com/analysis/5684/

Comments