MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c2430af1c4b999dbe4534676db7718af6f44afb11335ff574bb82e38e637f9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 0c2430af1c4b999dbe4534676db7718af6f44afb11335ff574bb82e38e637f9c
SHA3-384 hash: ea5d9425bc7ff7d10b989224486005252d5343efa8c848a1fe3c30e85eb98ac2e24ccb58cb5e611f2b50fb76124d26e0
SHA1 hash: 45214242c50d68e7f5cf490431bed26a6f9ed428
MD5 hash: 43e7002b315f2638f675c023e10623c0
humanhash: two-michigan-eight-nuts
File name: Slagterhunden.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-06-08 12:09:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 241dcb41722e06547b9c4d8d52f22a3f (1 x GuLoader)
ssdeep: 1536:utaquRtSHmAUnaZXZria9cngIovwSyFRUcE5:utC5CggIoDh5
Threatray: 5'798 similar samples on MalwareBazaar
TLSH: 7D838E17B994C506E0550A703CB3CBA92B667C2848406F4F2285BE5FF876B967C6B33D
Reporter: abuse_ch
Tags: exe GuLoader HostGator


abuse_ch
Malspam distributing GuLoader:

HELO: gateway9.unifiedlayer.com
Sending IP: 69.89.19.235
From: bahaa@abmaritime.com.jo
Subject: RE: Bank Details
Attachment: Bank Details.ARJ (contains "Slagterhunden.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15xPGmz8SkqXgoMEABNYey1kQvFJni_x2

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 12:11:04 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0c2430af1c4b999dbe4534676db7718af6f44afb11335ff574bb82e38e637f9c (this sample)

Delivery method: Distributed via e-mail attachment
