MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0255e294b079746046ab33e05884561e96746033d2e1b05a268af0f8bd2f3d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0255e294b079746046ab33e05884561e96746033d2e1b05a268af0f8bd2f3d5
SHA3-384 hash: f050436c7d90ce5b98bd1301195550b8cb67193a2d0568d3f9839424de225b5a40d73fcda166b0aaf0c693be08c00140
SHA1 hash: 117720d80fa5984960ecd1184ff6c211c8d1ab23
MD5 hash: c890b27ddeebdad15fde64689b544edc
humanhash: enemy-florida-single-beryllium
File name:Wadableevasio8.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:32:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6928c46ec65039dc069f86a51592e54a (1 x GuLoader)
ssdeep 1536:USPfxV40x8Z2Pe4gldWkgrKHxLdGKc+o0FDHdZ1gIBCw82Y45vxGOgod5V:VPXlOd4KVdhjFD9zB881d5
Threatray 1'332 similar samples on MalwareBazaar
TLSH 41B37B17EC4D8643C1044BBD3D579EBD3B2DA90D09405BEF7579AE9BAE322422C9B10E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.panentour.com
Sending IP: 202.129.224.121
From: Rianty <rianty@setiabudi2.panentour.com>
Subject: Request of quotation
Attachment: Quotation.zip (contains "Wadableevasio8.exe")

GuLoader payload URL:
https://mncarteam.com/wp-content/nigga_zkDjEqogR255.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6335/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 10:35:42 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6asv4kkla6lumbdkwm7alccfmhuworqdhuxbwbncncxq7c6s6pkq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
83fc18a8a68814bb00e6d7bddbdce27ac5ffdc4dca8f57408e0db2124e4c441c
GuLoader
897c29c75ae58e4057c0d32c3704469a7ecfa4878f5d0c60ad8abe2fa821b0b0
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cb21e5fa44e32d9336ed5ddeb2fdbd7c90e27e0f4342101a04f87b7e4161b7a7
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
f0904d56b0d621156adf1d4449d1b445e6d45eec9c0a4b09e22f9bb95a185955
GuLoader
f1c48eb812cfadfaf6e319ab425cb729a6ad02c2c3b88b726839d4888d0cf6ff
GuLoader
+ 1'322 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-67vp9ftzzj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip faa7cfe559b790d35927b54ea787790c92255564a8dc72cee93c5f117a115a83

GuLoader

Executable exe f0255e294b079746046ab33e05884561e96746033d2e1b05a268af0f8bd2f3d5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376029/
  
Dropped by
MD5 e5750906543b2dbf98cea412a3cf7f00
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 faa7cfe559b790d35927b54ea787790c92255564a8dc72cee93c5f117a115a83
Cape
Cape
https://www.capesandbox.com/analysis/6335/

Comments