MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
SHA3-384 hash: 95b63a33acef8b5f753e22de1661ada730552b81b748ded44ae4b6c4fbe8f1d83ebd01b8502ff5c3daf2c6def827760d
SHA1 hash: 6374332ab451229a4378d9e7f73e6fd32833e83e
MD5 hash: 78ca03cbf0e318f7da1f31bd41ed9660
humanhash: coffee-golf-romeo-sad
File name:Quotation-June.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e0d5479df142430e9dd2c2c856f0e725 (1 x GuLoader)
ssdeep 1536:FmSPfxV40nNwgJrkgrKHxLdGKc+o0FDHdZ1gIOl6WAXBCWEBohFUu6w2:RPX1zKVdhjFD9zCJ+LGj
Threatray 783 similar samples on MalwareBazaar
TLSH B4B36C07EC8C8A93D14447B93D678DB93A1DA91D48011FEF71356E6FAD712823CAB21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: nova.example.com
Sending IP: 103.151.124.243
From: victo@vickyonchat.xyzf <victo@vickyonchat.xyz>
Subject: Request For Quotation-June
Attachment: Quotation-June.ISO (contains "Quotation-June.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-oPhHGF2A35QMubDiMfdnIvDbZa9BdlM

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6469/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:56 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yqvogvpskqpmpprq4unr7s2quhd5rmgwv6trpwvvgm3jznngsaiq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
799d1f1babff3cbb4d32af69d12948ff5de47016063eea48756323516ed96337
GuLoader
877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630
GuLoader
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
GuLoader
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
f1c0e198445a81a738ad7509079b63752b0bc934cd66ce39bc95cb50224ca0d3
GuLoader
f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
GuLoader
+ 773 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-frhaxae6ye/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 2ee387dc51002ea6d8b82fce95e0659672d9f22696f4d2562ea3be72c4abc94c

GuLoader

Executable exe c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378970/
  
Dropped by
MD5 dbea6b9bd29225ed9be24a03089a412a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2ee387dc51002ea6d8b82fce95e0659672d9f22696f4d2562ea3be72c4abc94c
Cape
Cape
https://www.capesandbox.com/analysis/6469/

Comments