MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb98989e3e598841af7312f2d7eb011d9dafcd031caf39e39e7208ba37590ad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb98989e3e598841af7312f2d7eb011d9dafcd031caf39e39e7208ba37590ad5
SHA3-384 hash: 6037be381e1842dd28a7a37e8b13ea74eab56a4c805f5d3a363c41c87f6669f37afb52b937f950a287b7b12df80de667
SHA1 hash: f3785b2572f9114ceae7e7d78bc347257e70e515
MD5 hash: 9aa672d4747104526c4a766a47f87bf1
humanhash: snake-burger-muppet-violet
File name:sales.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-05-26 11:19:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a8574dc0e0b14bba3a0dc7718b0032b (1 x GuLoader)
ssdeep 1536:1LifUixbLks2MnssfXZoQIvKR4rtNO518DEczbrs:kxss2qZfWG5RczM
Threatray 185 similar samples on MalwareBazaar
TLSH 39C34C26B9C84EA2D8691FF51C672DAB2D2BAC311A181F0B3246F65C77761C32CF1716
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gfh3.gfh-net.de
Sending IP: 85.236.43.173
From: DKV EURO SERVICE GmbH + Co. KG <warth@lieferanten-marktplatz.de>
Subject: AW: AW:Payment and Order Confirmation 29-04-20 INVOICE_20-613129926-001
Attachment: sales.zip (contains "sales.exe")

GuLoader payload URL:
http://156.96.118.179/RAW-4-DAVdx_xtLnf95.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/4974/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:20 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
11ee988764e0e77d4f2eb76229e59a1a8239b84ac1abf2ce8bf729c985531e72
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
7e7933226a8a988d5ba124e629468d1a4e59ea9fc67a834e8db2cfb03d34af3c
GuLoader
83acd77bd1b76095992046c1cd53fd0fb4f0ae9f22f410facf174f4e1ce2f475
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
a7cfec855ead8a33902aab33c3c217fbc6fe9fb372c4c8d0c1aec4b493736bf5
GuLoader
c89df787c82531acf38787d9c159b9fc6bd995cb9402ff8f6bab423363c5497e
GuLoader
d0198b775182eab3ed405bd0d946006ec8616b61083e643200d1d34fe8cae2f3
GuLoader
e7ef14cf9416e9962ca7398e2d9890a5c0dcc92952cf27bf00a61880a8551228
GuLoader
+ 175 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mrbkl5mtfe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 6718546027ebeb483b5969e21f6d92a1843fb392bd1c0834abb5b33fad7d134e

GuLoader

Executable exe fb98989e3e598841af7312f2d7eb011d9dafcd031caf39e39e7208ba37590ad5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365711/
  
Dropped by
MD5 290446727d77c4a13eb0e9f108a4e7eb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6718546027ebeb483b5969e21f6d92a1843fb392bd1c0834abb5b33fad7d134e
Cape
Cape
https://www.capesandbox.com/analysis/4974/
Cape
Cape
https://www.capesandbox.com/analysis/4972/

Comments


Avatar
CAPE Sandbox commented on 2020-05-27 10:18:27 UTC

#Azorult

https://capesandbox.com/analysis/4972/