MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
SHA3-384 hash: ae885fc8246c18553bc2f78ddf6c83a3dae132e6c4c2f6421b622c5341de7cce8096436f87a5097b4965478ae5db058f
SHA1 hash: 1b02bd995debe37c43518950b404c72f302297ee
MD5 hash: 301dc484b732027c77d93d8115d9b3bd
humanhash: virginia-skylark-golf-william
File name:Presupuesto 20182.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-06-08 14:47:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7b0723bbbd989bee65acf42e891d9fcb (1 x GuLoader)
ssdeep 1536:i10uRtSvcG9khZriaQTG2apSwRRLpRMgPvnZL:ifKI5M+R
Threatray 1'173 similar samples on MalwareBazaar
TLSH F783AE137E85D252E10105B03CA39B712BA7BC164981AF5B3289BE5FED71B437CB622D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: psm91.troy
Sending IP: 2.56.8.190
From: Rosa Caudevilla <facturacion@tesslibrenta.com>
Subject: Presupuesto 20182
Attachment: Presupuesto 20182.LHA (contains "Presupuesto 20182.exe")

GuLoader payload URL:
https://rebrand.ly/t502o1t

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7065/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:49:04 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3zo2eaeoemogbirh2zyaesevgzi6ajbfilyhaj7eab3afa5zdvba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c69b80c225b95161ab357d6a35bf54846167a38bea69de84371c283ffcd0a8c
GuLoader
2ffbb987622b48ac9e1b3a53291f9af5a3949ba14019d43756a8219f66af0a86
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
799d1f1babff3cbb4d32af69d12948ff5de47016063eea48756323516ed96337
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
996d663495ef1d96ee9fca68c07a4173910824b4956214edd0af1c53501608d7
GuLoader
b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca
GuLoader
d8893925a5d8f9574be0f322355b79372e9c58dacc1e7737223a7b96e53fe4f6
GuLoader
fa8949da882bd317bc4b975dac2514553258a79a3ec0e7bb2e029f61e131ed66
GuLoader
+ 1'163 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-yjbfk33f7j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar a18769e4806bcec0fc465a9854ad40ca7918ea2cad9a7acb94112bd5319dc305

GuLoader

Executable exe de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42

(this sample)

  
Dropped by
MD5 cda6295999953575f0a262e12eb1daea
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7065/
  
Dropped by
SHA256 a18769e4806bcec0fc465a9854ad40ca7918ea2cad9a7acb94112bd5319dc305

Comments