MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
SHA3-384 hash: f7f6699c1fd59bccc12128715eacda5d5c656a52e044acf31e85a0db4c8ede59833a26b24d0ece0f84655aba7e260f1c
SHA1 hash: 9815ca94e996c7bb869d4fc5df5fa4fcf32df972
MD5 hash: 9caf37f0c2955ab53d227bf6bfbcfbeb
humanhash: green-freddie-burger-salami
File name:PO-W9087.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:12:40 UTC
Last seen:2020-05-27 17:50:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c13030dd86c1aa63ffd90876c60b1a30 (1 x GuLoader)
ssdeep 1536:MMkm7oJy3tMYMNBOdFveMQYmdq8C5WFuPo2o:M/Jy3tGBQuv/CTZo
Threatray 72 similar samples on MalwareBazaar
TLSH 51B31913F4A09C72FD748BFA0871D9686C22BE293A166F073549BF0E1D365CD66A071B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cherters.net
Sending IP: 45.95.168.241
From: sales02@cherters.net
Subject: Re: Re: PO_W908
Attachment: PO-W9087.zip (contains "PO-W9087.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/w_BprDFjA52.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5733/
Detection(s):
SecuriteInfo.com.Variant.Jaik.40167.5291.31649.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 10:59:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
6327c2d28925dd4680b13585501e34181fc4beefaeb08040d1c10fc91a16f0a3
GuLoader
8d6e4671da660a178432514e56aaf7445ea4f03a60f20cc9b6d29826ab435975
GuLoader
b092a330b736b90c25196d0784455f5d605aae83dca16f8569451236204d0976
GuLoader
bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47
GuLoader
d335fad41e3f9b09effaf617e6c56554b667191c9c94f4b644a15b396408858b
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
dcafd8ba263cf7e448be257a8d25c968a0060908f93f9d02a068bb0dd482879f
GuLoader
e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
GuLoader
+ 62 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pmlywkzgd2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ba5c1653ee0078678d28844ac89128adf103e971269961773260899a80a43301

GuLoader

Executable exe fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369925/
  
Dropped by
MD5 d5ece45a8e1e80ac481215ce692e1aa7
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ba5c1653ee0078678d28844ac89128adf103e971269961773260899a80a43301
Cape
Cape
https://www.capesandbox.com/analysis/5733/

Comments