MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fed9e44ddb370d622427fbda5d67440fb3435f1461f8c3331ffff1e1abba560b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fed9e44ddb370d622427fbda5d67440fb3435f1461f8c3331ffff1e1abba560b
SHA3-384 hash: 5f8e15187ae0343cca0798c71726502b71ac1b6c48fe4d5ddfdc7bae971447e94c707e4d24c45067a647f5cfa818f146
SHA1 hash: 08734cf8baf8375c0bb0e193aaf5a45f93aaf078
MD5 hash: bff99e15dd1ed8e9348716e6d89097d4
humanhash: august-georgia-spring-romeo
File name:payment inv.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 12:05:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b41b784bcac29420f4e6d96be8d7e6f2 (1 x GuLoader)
ssdeep 1536:aJysFY6TjMDo0u9q1yJ0goKK3GwDGWrAE:aUxuQ89qYnjE
Threatray 6'183 similar samples on MalwareBazaar
TLSH B283AF237C98CA42E01046B16DA3DAF52627AD0C5D026F873559EEDFDD716822CAB23C
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: lamco.ae
Sending IP: 23.227.201.155
From: Shabeer M. T <shabeermt@lamco.ae >
Subject: Payment Assistance Due To Covid-19 Pandemic
Attachment: payment inv.img (contains "payment inv.scr")

GuLoader payload URL:
https://ny.libconsult.ca/bin_zwDPVdrOs68.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7000/
Detection(s):
SecuriteInfo.com.Variant.Razy.681846.18844.18109.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:07:12 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=73m6ito3g4gwejbh7pnf2z2eb6zugxyumh4mgmy777y6dk52kyfq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
35bb2187c8bcf8921677dc34a4a3bf7f33144c97370346f4ff616c82a2e278b5
GuLoader
41519f4cbc28650e8151b62f9a6b9503274a80d6dc51bade4a118812742e63ab
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
51ba9fa1830056b815cc4203b57ee4f46b26a5f7dd7f6a01066c94fb88bf8f01
GuLoader
52e01cac4f5319a7d1177aae77861b4ad8f77b26581d089e948344d0e608b80b
GuLoader
6ff25388a91cbed0a11467e592e39e34c54de49d61876a2a201554e67c5b8cb4
GuLoader
77839da1c15d6390080afe07320af399a007d5b69bf4fcdf63fc71e795929cf7
GuLoader
dea5303370177b621cdd1fd497396ddaa9e94d3edd1407339f52f0dc85a67046
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
ea0bcb9c44a356945727a78ca03b727f5ce4dd69accb51dc7fee5918477133be
GuLoader
+ 6'173 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-96xffvje9a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img b9ff425903dfad9f154ae0ce782917c14b3eb5cb81361fe5a9462b3d0fccf552

GuLoader

Executable exe fed9e44ddb370d622427fbda5d67440fb3435f1461f8c3331ffff1e1abba560b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383085/
  
Dropped by
MD5 86f26a7ff3c27dc678099866703db92d
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7000/
  
Dropped by
SHA256 b9ff425903dfad9f154ae0ce782917c14b3eb5cb81361fe5a9462b3d0fccf552

Comments