MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c08e9dc3b7237d74908e572f68d6808dc155f632243a87eaef985c67c9caee85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: c08e9dc3b7237d74908e572f68d6808dc155f632243a87eaef985c67c9caee85
SHA3-384 hash: 9fa897b0e25dfdfa59be95ece009b0d0a4cae51e352769d0f6e3d79cd28e505c894203bef65c6d85405f98ffd0a7281f
SHA1 hash: a3a5d8d25b35c0a095842462a8f13b49fe270bb5
MD5 hash: 8e0834d63469f848b6af89f4ba9c4831
humanhash: mississippi-stream-cat-ceiling
File name: NEW ORDER 56655.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-26 13:35:48 UTC
Last seen: 2020-05-26 15:24:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9aee13062166ff4fd44079393251d0d3 (1 x GuLoader)
ssdeep: 3072:YgIlAbm0+FdnG31z+6ZHTYMXWDqNQzXK/T:YgiAbm0+FdnG31z+6ZHTZXWDqN1
Threatray: 278 similar samples on MalwareBazaar
TLSH: BFB3D80B3AD87CBAEC35AFF154A1C9606C62FC3128109B973D0DBB8D257698E1EB0755
Reporter: abuse_ch
Tags: exe GuLoader

abuse_ch
Malspam distributing GuLoader:

HELO: mail.saechang.co.kr
Sending IP: 218.38.111.134
From: <yclee@saechang.co.kr>
Subject: Re: New order HRB 1580
Attachment: NEW ORDER 56655.zip (contains "NEW ORDER 56655.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence
File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 14:36:05 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
File: Executable exe c08e9dc3b7237d74908e572f68d6808dc155f632243a87eaef985c67c9caee85 (this sample)

Comments

CAPE Sandbox commented on 2020-05-27 10:19:27 UTC

#Azorult

https://capesandbox.com/analysis/4967/