MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbf57cc719888dac0ce1630ed61752c1689e624174b8bf6c6e1130c2b897fb7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4



SHA256 hash: cbf57cc719888dac0ce1630ed61752c1689e624174b8bf6c6e1130c2b897fb7e
SHA3-384 hash: 2daf45a851eb93befdbdca3487c149bc94f264c9da25ba91a9a4d82dff05f85b844ad247a28ce16db77b1e4b41c59417
SHA1 hash: 17fb9d5a7a46c1f0e40fc828450d275183fe09d8
MD5 hash: 43084731def8eaff62e30f4b76cb61a6
humanhash: double-spring-skylark-coffee
File name: RFQ 941009051309.pif
Signature: GuLoader
File size: 73'728 bytes
First seen: 2020-06-11 06:32:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75386dcaa5e2f0c3153fd547b4abb23c (1 x GuLoader)
ssdeep: 1536:bguRtSCsw2gyZriahSh+fHrRB2RO3xuS:ZFsQH8Hd5xl
Threatray: 1'016 similar samples on MalwareBazaar
TLSH: 9E738D03A604C11BE1A247712C935E681B2A7C284D83AFCB71C9BF4FE5717566DBE239
Reporter: abuse_ch
Tags: GuLoader pif


abuse_ch
GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/grc_OGowBUpkbi183.bin
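An added example, not code from MalwareBazaar or from abuse.ch: a small Python script that lifts the indicators from this entry, verifies a locally extracted copy of the sample against the recorded SHA256/SHA1/MD5 before any analysis starts, and emits an exact-match YARA rule from the SHA256. The entry text embedded below is transcribed from this page (the payload URL from the abuse_ch comment above); the script name mb_entry.py, the rule name and the assumption that the sample has already been extracted from the archive the site serves are mine.

```python
import hashlib
import re
import sys

# Constructed copy of the indicator fields shown on this MalwareBazaar entry
# (values transcribed from the page; the payload URL is from the abuse_ch comment).
# Text pasted straight from the browser parses the same way.
ENTRY_TEXT = """\
SHA256 hash: cbf57cc719888dac0ce1630ed61752c1689e624174b8bf6c6e1130c2b897fb7e
SHA1 hash: 17fb9d5a7a46c1f0e40fc828450d275183fe09d8
MD5 hash: 43084731def8eaff62e30f4b76cb61a6
File name:RFQ 941009051309.pif
imphash 75386dcaa5e2f0c3153fd547b4abb23c (1 x GuLoader)
ssdeep 1536:bguRtSCsw2gyZriahSh+fHrRB2RO3xuS:ZFsQH8Hd5xl
TLSH 9E738D03A604C11BE1A247712C935E681B2A7C284D83AFCB71C9BF4FE5717566DBE239
GuLoader payload URL:
http://ratamodu.ga/~zadmin/group/grc_OGowBUpkbi183.bin
"""

# One regex per field, anchored on the labels MalwareBazaar prints (with or without a
# colon). Hex lengths are fixed so a truncated hash is rejected, not half-captured.
FIELD_PATTERNS = {
    "sha256": r"SHA256 hash:\s*([0-9a-f]{64})\b",
    "sha1": r"SHA1 hash:\s*([0-9a-f]{40})\b",
    "md5": r"MD5 hash:\s*([0-9a-f]{32})\b",
    "imphash": r"imphash:?\s*([0-9a-f]{32})\b",
    "ssdeep": r"ssdeep:?\s*(\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]+)",
    "tlsh": r"TLSH:?\s*([0-9A-F]{70,72})\b",
    "file_name": r"File name:[ \t]*(.+)",
    "payload_url": r"(https?://\S+)",
}


def parse_entry(text):
    """Extract the indicators from entry text into a dict; fields that are absent are omitted."""
    iocs = {}
    for name, pattern in FIELD_PATTERNS.items():
        match = re.search(pattern, text)
        if match:
            iocs[name] = match.group(1).strip()
    return iocs


def file_hashes(data):
    """Cryptographic hashes of a blob, in the lowercase hex form MalwareBazaar displays."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data, iocs):
    """Per-algorithm comparison of a local blob against the hashes recorded in the entry."""
    actual = file_hashes(data)
    return {name: actual[name] == iocs.get(name) for name in actual}


def matches_entry(data, iocs):
    """True only if every cryptographic hash in the entry agrees with the blob."""
    return all(verify_sample(data, iocs).values())


def yara_hash_rule(iocs, rule_name="MalwareBazaar_GuLoader_cbf57cc7"):
    """Exact-match YARA rule via the hash module: fires on this file and nothing else."""
    return (
        'import "hash"\n'
        f"rule {rule_name}\n"
        "{\n"
        "    meta:\n"
        '        source = "MalwareBazaar"\n'
        f'        sha256 = "{iocs["sha256"]}"\n'
        "    condition:\n"
        f'        hash.sha256(0, filesize) == "{iocs["sha256"]}"\n'
        "}\n"
    )


if __name__ == "__main__":
    # Usage: python mb_entry.py <path to the extracted sample>
    indicators = parse_entry(ENTRY_TEXT)
    with open(sys.argv[1], "rb") as handle:
        blob = handle.read()
    for algo, ok in verify_sample(blob, indicators).items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
    print(yara_hash_rule(indicators))
```

The imphash, ssdeep and TLSH values are parsed for pivoting (the entry already notes one other GuLoader sample sharing the imphash and 1'016 Threatray-similar samples) but are not recomputed here, since that needs the pefile, ssdeep and tlsh packages. The generated rule is a verification and hunting aid for this one file, not a family detection.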

Intelligence


File Origin
# of uploads: 1
# of downloads: 166
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 01:15:20 UTC
AV detection: 36 of 48 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain:
  Malspam
    GuLoader
      Executable exe cbf57cc719888dac0ce1630ed61752c1689e624174b8bf6c6e1130c2b897fb7e (this sample)

Delivery method: Distributed via e-mail attachment. The attachment name mimics a request for quotation but carries a .pif extension, which Windows runs as an ordinary executable, so opening the "RFQ" launches the GuLoader PE directly.
