MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
SHA3-384 hash: c43f1d166548787d6c8e465c2d4202901d0d2871a07bebef2fe2302f231db8f7020bd56e66707fe56d1ab6ddac830657
SHA1 hash: 5ed31ddd28a6b0397fec2db573d1a87df65d7480
MD5 hash: ea5d4cffe8eff16c069c64471b5d9e95
humanhash: july-massachusetts-early-social
File name:Bank cordinate and payer details_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 61bfa415472dafa0931ac1a2234982c1 (2 x GuLoader)
ssdeep 1536:d7SPfxV40D7SoJiRIll23vne/kgrKHxLdGKc+o0FDHdZ1gID/Z386kh0d/Nblr4b:UPXSR/3GfKVdhjFD9zX/hM0z0
Threatray 5'107 similar samples on MalwareBazaar
TLSH 28B36B13ED4C8653D14447BC3D178EBA3A1DB81889001FDF71795EAFAE712826CAB21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server1.arsari.co.id
Sending IP: 43.252.137.130
From: Malaysian International Trading Corp Sdn Bhd <accounts@sennego.com.my>
Subject: REMITTANCE ADVICE: IF01200022823419
Attachment: Bank cordinate and payer details_pdf.rar (contains "Bank cordinate and payer details_pdf.exe")

GuLoader payload URL:
https://qif.ac.ke/kayP_zzZBumFpCL90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6452/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 01:39:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=64eptg6lq26ac723grbvuja4w572jpcmg7khxbpr5tcd5ho4gzoa._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
5c70123d1edab1b0a21e7739eb78134aa2dcac1edf08fab8a365463b4d1070d8
GuLoader
639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19
GuLoader
845f37af5c185070659d6a1567091c612a7f4363bbf0e93192f099967d6d8cc2
GuLoader
991289640d200976fd319f76f9acbbf7f3e304b24b5117cb8da23bcf091b2a06
GuLoader
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
GuLoader
a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0
GuLoader
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
GuLoader
e09c2eb3f06cc722f1035d501755645c3feb569441f465ae3ba69aa4aba6ffa1
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hhh1ff5vzn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar b7781e49dc590e2a602c6541e7fcf0cbd2766857a850b874003d311fae0eed90

GuLoader

Executable exe f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365990/
  
Dropped by
MD5 a46fe3ac8093b7cab335471034bbca74
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b7781e49dc590e2a602c6541e7fcf0cbd2766857a850b874003d311fae0eed90
Cape
Cape
https://www.capesandbox.com/analysis/6452/

Comments