MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7dd280473dfa42f4770ef4c52cf7d21fc234be5d566dcaf9303f7b41460b8ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7dd280473dfa42f4770ef4c52cf7d21fc234be5d566dcaf9303f7b41460b8ad
SHA3-384 hash: 3c7e936b4c6982d6392d8ea1d075bf4807c04f8c1607ef35452eecc8d63618eca9a4be48c45b023ff2ff9f4b6af1d6ec
SHA1 hash: 8aa86de9aaf189096af43b9991d763b06d1a05cd
MD5 hash: d9efea315e9328e338bd549584d63808
humanhash: bakerloo-golf-pluto-potato
File name:GULF IMPORT ORDER_REQUIREMENT_RFQ (UAE).bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-06 15:12:20 UTC
Last seen:2020-06-06 15:56:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8981e8fca6c56464a540f5f73d8e4be9 (1 x GuLoader)
ssdeep 1536:7RaDrdLtwigtnT4rjwDwvIHIgKK2sMxl/qyBV9xj:irdh5gOrUEXsjW
Threatray 893 similar samples on MalwareBazaar
TLSH 32837C13AA29C451C1980EF03D63EE982B37BD1958005E8F2544AF9FFD75793A8F522E
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: iname.com
Sending IP: 199.127.103.228
From: Mohammad Razal <office_gulfimpo@iname.com>
Subject: Urgent Order inquiry from Gulf Imports
Attachment: GULF IMPORT RFQ_ORDER LISTS.rev (contains "GULF IMPORT ORDER_REQUIREMENT_RFQ (UAE).bat")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8CA507BAA15FDB5C&resid=8CA507BAA15FDB5C%21183&authkey=ALMZ757neDQlM-c

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
NanoCore
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6858/
Detection(s):
SecuriteInfo.com.CLASSIC.4978.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 15:14:05 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7osqbdt36sc6r3q55gfft35eh6cgs7f2vtnzl4tap33ifdaxcwq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0494c6b3493335509d5fdce6d9592d796e592fee648f42dded58ddc29e3565a1
GuLoader
3cd60335878e796958d872052606a0988bc14d3dff32d1241357364070007450
GuLoader
684ddddcefaf996082fcadeb05110d369f97063f77e9f3b4a5a787fb0e3c21e8
GuLoader
799d1f1babff3cbb4d32af69d12948ff5de47016063eea48756323516ed96337
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b04cf62e1182fdae7ca1805ccc467ccd6d9a0db1a3a7419a9d6a2b5e41419d06
GuLoader
c4e474e869076cbf955d57568015fe56732e0b3af1592f03e023063ac2875030
GuLoader
e654d1c784c371f9dfc855685f6cde32d4e18807678594291783c62dabc44f98
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 883 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h64smskycn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c2bc2722432cd20caf5d4f067d43c027660e07a2892fd39421143aae7a504e65

GuLoader

Executable exe c7dd280473dfa42f4770ef4c52cf7d21fc234be5d566dcaf9303f7b41460b8ad

(this sample)

  
Dropped by
MD5 7f33e9139b0beb603ea5a3bc6515b9fa
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c2bc2722432cd20caf5d4f067d43c027660e07a2892fd39421143aae7a504e65
Cape
Cape
https://www.capesandbox.com/analysis/6858/

Comments