MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d
SHA3-384 hash: 22e0641716211503ffc5088f5e930d794bd3f663fc72065c4801b61b46ac4eb03c08b55235de66285a3651a0266d8eac
SHA1 hash: ad038b61ad4caeafd9b2beb0951e928febcb47cf
MD5 hash: 3ea3ad44e2e402cc11eba866d986e119
humanhash: sweet-cardinal-texas-undress
File name:Augist 14th 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-08-14 08:23:47 UTC
Last seen:2020-08-14 09:02:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 19fa7d1f9041d2a260f5289829e3f7b6 (3 x GuLoader)
ssdeep 768:E3HHR67L0IisYCB6P6MzRqM3CexCbrk0t8bme2u+HQk6QxLl9pU3sdAgi:UHHIcIdFQxz2brk08kVxRfU3sq
Threatray 2 similar samples on MalwareBazaar
TLSH 5E430713ADB0A176EB178EB21B145BA9035ABE341420CC07A5C73B6D9BF3E45A53171F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.khudikokarbulanditna.life
Sending IP: 67.207.81.165
From: Kanokporn Kulchutisin <support@khudikokarbulanditna.life>
Reply-To: paulederveen04@gmail.com
Subject: ORDER AND SPECIFICATION FOR AUGUST
Attachment: August 14th 2020.img (contains "Augist 14th 2020.exe")

GuLoader payload URL:
http://ilobabascity.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_yXtVDNVJuh36.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
222
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45622/
Detection(s):
SecuriteInfo.com.FileRepMalware.32513.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/428970
Signature
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 08:25:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4jq574gtioixvgi5rkc4ftefeaelhknllj7kbyeiwk2uva6jcr6q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032
GuLoader
e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df
GuLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-bxcxlc7e1a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 1ced537c864e8430389cb91a84672a4db3c20a7e9d0268ab71e0ee98b17c0a30

GuLoader

Executable exe e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/432982/
  
Dropped by
MD5 86ae590e58d6e484e5918aa671ed6453
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45622/
  
Dropped by
SHA256 1ced537c864e8430389cb91a84672a4db3c20a7e9d0268ab71e0ee98b17c0a30

Comments