MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf2c56fa8b5e9c316ec1dd825a2f0275bc3a8356723d7cd0ff2a3ca5166e6e52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: bf2c56fa8b5e9c316ec1dd825a2f0275bc3a8356723d7cd0ff2a3ca5166e6e52
SHA3-384 hash: 392884e60b0b6fb848fc3900bd3f3fc3c1cc5a551e16774dbc081bfce6decd64e3b57f28243715723af36c8ce43a3fb8
SHA1 hash: 2ed1e330993fc187816271dedd9860f46b807565
MD5 hash: b613be4230e85742dad201e906f79200
humanhash: five-west-pizza-arizona
File name: RFQ.exe
Signature: GuLoader
File size: 55'032 bytes
First seen: 2020-05-26 07:21:07 UTC
Last seen: 2020-05-26 08:15:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b54b7b72b99529f6b9e7aee2da124faa (1 x GuLoader)
ssdeep: 768:jo+ZBuCPpCidtUVwrySB3FBOiSXj0JhIlX3jqA+nh+ez/IKASOwbDWH:sMRBCkUwZ3n7SzweqLI1wbDWH
Threatray: 5'117 similar samples on MalwareBazaar
TLSH: 3533F8E1F1F0207BD2B3DE70DE3685E800BB7D7C360A94572A5478CB0A7D909E65962B
Reporter: abuse_ch
Tags: exe GuLoader
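The imphash above is the pivot that links this file to other GuLoader samples: it is the MD5 of the normalised import table, so two builds that import the same functions in the same order share it even when every other hash differs. The following is an added example, not MalwareBazaar's or pefile's code, that walks a PE's import directory and computes the imphash the way pefile does (DLL names lower-cased with .dll/.ocx/.sys stripped, ordinal imports written as ordN, entries joined by commas in table order, then MD5). It assumes a constructed import list and builds a minimal PE around it so it runs offline; the list is not taken from RFQ.exe, and the result is therefore not the b54b7b72... value shown above. One deliberate simplification: pefile additionally maps ordinals of ws2_32 and oleaut32 to export names before hashing, which this version does not, so imphashes for files importing those DLLs by ordinal will differ from pefile's.

```python
"""imphash from a PE import table (added example; not MalwareBazaar or pefile code).
Follows pefile's rules: DLL names lower-cased with .dll/.ocx/.sys stripped, ordinal
imports written as "ordN", entries joined by commas in table order, then MD5."""
import hashlib
import struct

IMPORT_DIR = 1  # data-directory index of the import table

def _rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x not backed by any section" % rva)

def _cstr(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return [(dll, name_or_ordinal), ...] in import-table order (PE32 and PE32+)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: data directories start 96 bytes into the optional header
        pe64, dd = False, opt + 96
    elif magic == 0x20B:  # PE32+: 112 bytes in
        pe64, dd = True, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    imp_rva = struct.unpack_from("<I", data, dd + 8 * IMPORT_DIR)[0]
    # Section headers follow the optional header: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsections)]
    width, fmt = (8, "<Q") if pe64 else (4, "<I")
    ordinal_flag = 1 << (8 * width - 1)
    imports, desc = [], _rva_to_offset(sections, imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and ft == 0:  # all-zero descriptor ends the table
            break
        dll = _cstr(data, _rva_to_offset(sections, name_rva))
        thunk = _rva_to_offset(sections, oft or ft)  # ILT if present, else the IAT
        while True:
            entry = struct.unpack_from(fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                imports.append((dll, entry & 0xFFFF))
            else:  # hint/name entry: 2-byte hint, then NUL-terminated name
                imports.append((dll, _cstr(data, _rva_to_offset(sections, entry & 0x7FFFFFFF) + 2)))
            thunk += width
        desc += 20
    return imports

def import_string(imports):
    """Normalised 'dll.func,dll.func,...' string that the imphash is the MD5 of."""
    parts = []
    for dll, func in imports:
        base, _, ext = dll.lower().rpartition(".")
        dll = base if ext in ("dll", "ocx", "sys") else dll.lower()
        parts.append("%s.%s" % (dll, "ord%d" % func if isinstance(func, int) else func.lower()))
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()

def build_sample_pe(imports_by_dll, pe64=False):
    """Constructed test input: a minimal PE whose only section holds an import directory."""
    sec_rva, sec_raw = 0x1000, 0x200
    width, fmt = (8, "<Q") if pe64 else (4, "<I")
    body = bytearray()
    def add(blob):  # append to the section and return the RVA of the blob
        rva = sec_rva + len(body)
        body.extend(blob)
        return rva
    ndesc = len(imports_by_dll) + 1  # one descriptor per DLL plus the terminator
    add(b"\x00" * 20 * ndesc)  # descriptor table, patched in once the RVAs are known
    descs = b""
    for dll, funcs in imports_by_dll.items():
        thunks = [f | (1 << (8 * width - 1)) if isinstance(f, int)
                  else add(struct.pack("<H", 0) + f.encode() + b"\x00") for f in funcs]
        table = b"".join(struct.pack(fmt, t) for t in thunks) + b"\x00" * width
        ilt, iat, name = add(table), add(table), add(dll.encode() + b"\x00")
        descs += struct.pack("<IIIII", ilt, 0, 0, name, iat)
    body[:len(descs)] = descs
    opt_len, magic, machine = (240, 0x20B, 0x8664) if pe64 else (224, 0x10B, 0x14C)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMPORT_DIR, sec_rva, 20 * ndesc)
    opt = struct.pack("<H", magic).ljust(opt_len - len(dirs), b"\x00") + dirs  # unread fields stay zero
    hdr = (b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_len, 0x0102) + opt
           + struct.pack("<8sIIII", b".idata", len(body), sec_rva, len(body), sec_raw)
           + b"\x00" * 12 + struct.pack("<I", 0xC0000040))
    return bytes(hdr.ljust(sec_raw, b"\x00") + body)

# Constructed import list; not taken from the real RFQ.exe sample.
SAMPLE_IMPORTS = {"KERNEL32.dll": ["GetProcAddress", "LoadLibraryA"], "USER32.dll": ["SetWindowsHookExA"],
                  "ntdll.dll": ["NtSetInformationThread"], "COMCTL32.dll": [17]}  # 17 = import by ordinal
SAMPLE_PE = build_sample_pe(SAMPLE_IMPORTS)
print(import_string(parse_imports(SAMPLE_PE)), imphash(parse_imports(SAMPLE_PE)))
```

Because the hash covers the order of the import table, a packer or loader stub that rebuilds imports at run time (as GuLoader-style droppers do) leaves only the stub's own tiny import set in the file; that is why one imphash can cover many unrelated payloads and why it should be read together with ssdeep/TLSH rather than on its own.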

Code Signing Certificate

Organisation: Metrummets
Issuer: Metrummets
Algorithm: sha256WithRSAEncryption
Valid from: May 25 13:25:52 2020 GMT
Valid to: May 25 13:25:52 2021 GMT
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Graveyard Blocklist: This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm: SHA256
Thumbprint: 1AC09D852F06428F30752F9FDD4EA12B7FED74E15B6355331BD36097AF7A2486
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Note: issuer and organisation are identical and the serial number is 00, i.e. a self-signed certificate issued the day before the sample was first seen. It chains to no trusted root, so the Authenticode signature says nothing about the publisher; its value is as a pivot, since the SHA256 thumbprint ties this file to the other 325 samples signed with it.


abuse_ch
Malspam distributing GuLoader:

HELO: vm9win2.securesurfs.co
Sending IP: 162.213.42.222
From: Exports Suppliers <support@goldfx.co>
Reply-To: support@goldfx.co
Subject: Re: Invoice
Attachment: INVOICE.IMG (contains "RFQ.exe")

GuLoader payload URL:
http://37.72.175.206/bin_tsIZxkjw175.bin

Intelligence

File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 02:43:39 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | GuLoader | Executable exe | bf2c56fa8b5e9c316ec1dd825a2f0275bc3a8356723d7cd0ff2a3ca5166e6e52 (this sample)

Delivery method: Distributed via e-mail attachment

Comments