MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1c48eb812cfadfaf6e319ab425cb729a6ad02c2c3b88b726839d4888d0cf6ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1c48eb812cfadfaf6e319ab425cb729a6ad02c2c3b88b726839d4888d0cf6ff
SHA3-384 hash: 2ee54b8b6d23d7d7c737672dfcaf19725622c6da3d88e4c9b3a11b448845e54ac131cfc57faf0b1f3c79899a1635e72e
SHA1 hash: a9e9bca2fa8d3d7f3f6a20c80f7f2551bb07ca1b
MD5 hash: 54b82b5d37e82526d5a8a4b7ad84414a
humanhash: michigan-coffee-floor-maryland
File name:10246_08062020_055027280XXXX.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 11:54:02 UTC
Last seen:2020-06-09 12:48:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 308e076439d75c893f0b518c3120fc97 (1 x GuLoader)
ssdeep 768:bvLNGMjJvbviBZHd33Ng/CcpGROi+sQbjoFe+ySLy62YKuJVHl25:bvLNG049eKQbFiRnKuJVk5
Threatray 979 similar samples on MalwareBazaar
TLSH 0E73C31B6D6D9C2BD1B52FF169266586130A2C04BB503A6B159CFFBCF3704E23DA2706
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: equitybank.co.ke
Sending IP: 103.207.38.152
From: Customercare <customercare@equitybank.co.ke>
Subject: EQUITY STATEMENT REPORT
Attachment: 10246_08062020_055027280XXXX.zip (contains "10246_08062020_055027280XXXX.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1qbvfM809NHhOyoFvYB9J50s9bL_2w_jK

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7302/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Trojan.lm.30176.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 11:53:26 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6hci5oasz6w7v5xddgvuexfxfgtk2awcyo4iw4tihhkirdim637q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
3ab6a46e13911f31494184adc9f030cfd6f81ea2f243b4fd3b4ea3c9d5c5a3e0
GuLoader
511e0187a9180a083947a3bb3de77215fd37b0cae921181dee572bf537d2bea9
GuLoader
66812d316b85e20248c4af1f141a372ec1e434d951f7c6fc51402ab23da87845
GuLoader
816a22640c198358df27b5953469f956ad1f0c88cdfc53a3c9e3b426516d0950
GuLoader
85a40f3f59fb797494adf184b0dbee2b3d8089e9686b9f484c5242c5a75085a9
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c8bdfc9eea22464897b3dae7829464348f27a1ff1989cf33d1de95bc0a99527f
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
e3bdb2a06e43b09073cebd4f7a7fe633d45d1c6d149885f7b815cc591fe3b453
GuLoader
+ 969 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sny1b4j6ca/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 29963f2b6f3de89f0ba6e30ca138d5846241eb4acbd3e30bea4896d148b7b2b7

GuLoader

Executable exe f1c48eb812cfadfaf6e319ab425cb729a6ad02c2c3b88b726839d4888d0cf6ff

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384564/
  
Dropped by
MD5 17824d81e04994148b1574bb6864e98f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 29963f2b6f3de89f0ba6e30ca138d5846241eb4acbd3e30bea4896d148b7b2b7
Cape
Cape
https://www.capesandbox.com/analysis/7302/

Comments