MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceb781fef96cb41bc001482e6cd3af83da86eaf8dad6c06a4d07a4e364e7b548. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ceb781fef96cb41bc001482e6cd3af83da86eaf8dad6c06a4d07a4e364e7b548
SHA3-384 hash: 175e2be930662f1c2704a08b1bb02f3904c3da180faf227d918e3c62887be4429cc313d405e73867b0b3b19cee0e21df
SHA1 hash: 54a05b48ec349d92ce683da2cc0746ca3734f215
MD5 hash: dbd8b1ab4644e44b83f2d6d434617a95
humanhash: eighteen-don-uranus-kitten
File name:Fresh Order_Company INFO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:35:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b2dc8e309e0df5f3d518180d265d9872 (1 x GuLoader)
ssdeep 1536:jHUuYAoa7bBIG3Ap2jyH11rXvwgFw4UJ7AdWozH6cFG4ETR:rU5ZwtICA8jyH/bsT7APU
Threatray 119 similar samples on MalwareBazaar
TLSH 3A144B32BA6ACCE2D98145B4DCC2C4F51521BC15DD1B8B23B2C47F2F36B91D7A966223
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp.formosabag.co.id
Sending IP: 122.102.44.2
From: pbjl2@formosabag.co.id
Subject: Fresh Order Requisition
Attachment: Fresh Order_Company INFO.rar (contains "Fresh Order_Company INFO.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/frega_gFsdIGK252.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5842/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.6881.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 08:35:50 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
160684d9f79b0e33093a76315cbe47afd4d0f27f5dadd1b6fa314d8ff8a64370
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
6c47beb6dad9fa342b607b9868de8560ede70fc5cf2819c0269c5d6fd6c961bf
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba
GuLoader
823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967
GuLoader
+ 109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-k33kmhjv8s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 49989d5d8d212f55751bd8668f3bf17782a96e415526d9bb51a5917f66a469c3

GuLoader

Executable exe ceb781fef96cb41bc001482e6cd3af83da86eaf8dad6c06a4d07a4e364e7b548

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365940/
  
Dropped by
MD5 12f450563271da9ca131142975ecd6bb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 49989d5d8d212f55751bd8668f3bf17782a96e415526d9bb51a5917f66a469c3
Cape
Cape
https://www.capesandbox.com/analysis/5842/

Comments