MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844
SHA3-384 hash: 8e8578bfa0d740d0cbe6132cd5194d05ceb435bfcaaaf717ae8de6d4a0f3d83f9a8c3fbafe24c167a12d32213918daf2
SHA1 hash: 6997364fa04dcaabcfec9d587f5f8fbe88dec2f3
MD5 hash: 6035b222b1834532af46d4d01588955f
humanhash: pizza-july-monkey-solar
File name:6035b222b1834532af46d4d01588955f.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-05-28 08:40:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 270538a383d0e5632fc0a27ef22ebcbb (1 x GuLoader)
ssdeep 1536:lfRNXCUAogvVgR1o8sqYxLdtQlDmATiIrpH0wsHm/jnceoWurcvy:lCBTvVEDLuwT6
Threatray 615 similar samples on MalwareBazaar
TLSH A2144B36B6A6CCA1C68109F4D5D6D4F91461AC10DD168F2B76C0BF2E327B1939933A3B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uU67XlIT1u2cQUc4ePN8HnXIy854iuQg

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5846/
Detection(s):
Win.Packed.NetWire-7916261-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:49:29 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b161b9398f1f28f73c9bfaa6b536cc8bd49d1de076d78404f9a1fe181ec02b7
GuLoader
26c22b4054e91bf9d7b89ae538496d9b728486ae6b337ca31dd01f3200d7d7f8
GuLoader
286447febcdd772fe14fb74b1768dc381ae5a1e4f8c7260de3db5991ce88f807
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
8b04dcca28022f6065a0aab229d6fb466ae313dc5dda21b0a7222225d0facfd5
GuLoader
a1e8840b05e211a9aa314ac0d4359068094bd9016c77b43591bc543b37e7022d
GuLoader
b9faefd420a9117fddd3bdc6c42bc5c5d07d0cec65fdc7acb2d715b752b44967
GuLoader
daf9a22fa4f5634d74b6b04e7eb503ac16ccc3787d51b161d26a950d7733008a
GuLoader
e013766345fe3fc36669625205e1088b24b4c9cd5b42696cdcf3cd31d76c8a35
GuLoader
+ 605 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-b1e1ycbryj/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe f5f2578101553a0f24cbeb4f1691d37232f62d4e5986886116e2939272555844

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370388/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5846/

Comments