MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f85b3852381cfbabd654be01a21ffbb798a0feaa3f360fff66f27d499c174898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4


SHA256 hash: f85b3852381cfbabd654be01a21ffbb798a0feaa3f360fff66f27d499c174898
SHA3-384 hash: f6cb218aeb94669561d234d223a1999e1ececbdb8d9f1378c410796394ee880d13f15e9688970de78177315895d69865
SHA1 hash: a52d6e898532e5eeb513ba2b2e5da78de05efea1
MD5 hash: f58d682274255f2611f0aa456bc474f6
humanhash: rugby-social-muppet-xray
File name: SWIFT TELEGRAPHIC TRANSFER REMMITANCE COPY - INSTANT SINGLE CUSTOMER CREDIT 20200505 M.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-06 09:30:44 UTC
Last seen: 2020-05-06 12:32:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c698c4f967d2503071e6570fd06ee465 (1 x GuLoader)
ssdeep: 768:cQL3rktbSMuZ71FdS1zoyAxjizhbEOYRwFcdxvtjns0rrgWSOdOHT0b6yVYjJ:930zurFA1zoyAxuzhbEHHW07dOz08
Threatray: 113 similar samples on MalwareBazaar
TLSH: 47B31E942AA0DC12E2597AB2DF90F15DE3A56C3528319A0332C1774A1F399C2EF3576F
Reporter: cocaman
Tags: exe GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-06 08:22:33 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe f85b3852381cfbabd654be01a21ffbb798a0feaa3f360fff66f27d499c174898 (this sample)

Delivery method: Other