MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbeb6fc678c983a023b892e0683af51a063ade164a64ae719c07241c3d5d15f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbeb6fc678c983a023b892e0683af51a063ade164a64ae719c07241c3d5d15f1
SHA3-384 hash: 50b3e9be74e0319e27138cf756166c566dc37f15e190acb83a166f72689944618d21b8af26aeb232036be5d6d6791f7e
SHA1 hash: a03706314431e58c1e0504fcbde78452d348c265
MD5 hash: 537d41490717d37751107c93f40659e6
humanhash: comet-glucose-angel-coffee
File name:Order.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:13:28 UTC
Last seen:2020-05-27 17:49:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2725e764a77636ee566ba91b26a48f8e (1 x GuLoader)
ssdeep 1536:F4stl+kXY8y4jMlQNzJO/CVHO3AtRxGV9Zh:qstPRjMlQNzl6sc
Threatray 365 similar samples on MalwareBazaar
TLSH 3EB34C43B5D89C72EC65CBB04A7195659C37FDB97C104B03314ABB8E3A379C92AA031B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Miljanovic <tomka.miljanovic@dbe.uns.ac.rs>
Subject: Fwd: Fresh order
Attachment: Order.pdf.cab (contains "Order.pdf.exe")

GuLoader payload URL:
http://bitcolony.io/emakc/emakc_pAdCD149.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5737/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33911951.16408.29501.UNOFFICIAL
Create hunting rule

Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/362806
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 04:12:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
GuLoader
250cfc3bf5271e6a5cdd6ebe240865bf2f960c877590b679c878181b42f85341
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312
GuLoader
ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6
GuLoader
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
GuLoader
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
GuLoader
b87295a4b2fb2d2f4df9d502d52e2f50a5e9b3ba9f56b17e252fa0f3022ae6f4
GuLoader
cfb6b2b831592f1ebd43929977ae4963f8c2b3b2472214c82c3c3c1513a6b54f
GuLoader
fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763
GuLoader
+ 355 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bwze9vv4x2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 4cc74433e16a6c08348944c9d8a9ca3e1476ca6a8305a9776ee78fc438a1a4b6

GuLoader

Executable exe fbeb6fc678c983a023b892e0683af51a063ade164a64ae719c07241c3d5d15f1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369928/
  
Dropped by
MD5 3ec4e90314c6f6f56d655113850b6d3d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4cc74433e16a6c08348944c9d8a9ca3e1476ca6a8305a9776ee78fc438a1a4b6
Cape
Cape
https://www.capesandbox.com/analysis/5737/

Comments