MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c99caaeafc28f97895ebdd8533d7c7ac5b617fb0f188827c193a948c237aebb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c99caaeafc28f97895ebdd8533d7c7ac5b617fb0f188827c193a948c237aebb4
SHA3-384 hash: d72848631416bc2f831d7c6c48b5338700974f79d31ebb69511ab369d79c661f15a3578bbfe5d1b20a80136c31a5e49c
SHA1 hash: 191e8cecd49ba4725ef32da63943b1367fa80e06
MD5 hash: 3da7bbf4b9a736ec22ec15075adde589
humanhash: equal-oven-king-eleven
File name:Swift Copy #05272020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:38:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7920f6376c4cdcb65198817b7f650aba (2 x GuLoader)
ssdeep 3072:SnHFuveBKLtojFTHQjRQP6M0PBgP1fq4VKefi+kVab3on:M06HdtKxVab3o
Threatray 90 similar samples on MalwareBazaar
TLSH 51B33A16FDD04CB1FD398FF58976DA681C36AC756C248F0B3686B75C253728A7AE0214
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: kudinova@otis.kz
Subject: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: Swift Copy 05272020 1.zip (contains "Swift Copy #05272020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Xz0ePHLZIeLjaaJwRhSU_Zg1x33bcqXM

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5073/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:59:38 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1863d7653d364f73e1690e3e6ac086b070db17f588ca38db0111b58ad5fccbdf
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
28de8f6722499072f48c519ac1b2f318f56f1a800fb3db515d0700d5f4b1db50
GuLoader
3e9436dd99ea0f6ac9dced7c1569a426ea51c32f3551054704e30797a66feb8e
GuLoader
71c480037054788a2dfd0b0b0c711cfb03faf7ee4fc34049b30fa2738cdd2610
GuLoader
879e7676629e99b237cfb7781fbeea4442ed20c4c72f1e0a64aa596365c53d40
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
f651bb92be806b5ee11a774bdf86227ccf8b720d0d15f31d542d3d992aa064a8
GuLoader
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mhl8bgelpn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0ba69f06bf10b41bff555e006d2ee71625d807e55aadf576c4a65b524dd93700

GuLoader

Executable exe c99caaeafc28f97895ebdd8533d7c7ac5b617fb0f188827c193a948c237aebb4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369980/
  
Dropped by
MD5 f1a702fa3806c4f0801f3ac6a7fc2700
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0ba69f06bf10b41bff555e006d2ee71625d807e55aadf576c4a65b524dd93700
Cape
Cape
https://www.capesandbox.com/analysis/5073/

Comments