MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d
SHA3-384 hash: 960053abe260601581cc786ce522aa16e7a1877ee9c471d34fcdb006a40d5ada123896ba9eec62ea56764255d197c08f
SHA1 hash: 4af5da2c26fc327901c11eb7a7bfb8211eb9c297
MD5 hash: 8a5aaed89aaca5d91e6b6c591381eaa5
humanhash: emma-speaker-zulu-oranges
File name:Fehaareneri.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 17:25:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9798baa410126c07b34f2fe530c1ebae (2 x GuLoader)
ssdeep 1536:gSPfxV40r4jRcUHkc5SjkgrKHxLdGKc+o0FDHdZ1gIbcIexA1NwhUnM1:JPXr4qUHrY7KVdhjFD9zMHqehT1
Threatray 5'083 similar samples on MalwareBazaar
TLSH FFB37B27ED098643D0058BBC2D178EB97B0CB91D0D405BDFB67A5EABED316412CA721E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "EXPORT-MANAGER"<katia.jamieson3@faber-castell.com.pe>
Subject: NEW ORDER_Faber-castell
Attachment: Inquiry Doc 505_20.001 (contains "Fehaareneri.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1lAYLsRpKoJyKEjlzzkV0Z7IMh3R-ifiA

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6393/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 21:50:26 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fg6nj4dn3evrat2hvt2rdjdxilyd27wkamq22cm4szeviqlpqioq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
GuLoader
4334ef4236c8a8b7c1c3463875315f16b35ba1d4dfac8c67f8c0cb81f950d850
GuLoader
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
GuLoader
7095eec286427d0c168ef01a9d20e741032194cd9e4fb607c02a55c0a1df29c5
GuLoader
a492b017c3e12fe55493c562ed1304155616cb61b24f6dce0bfcd3eb7a7bdaf5
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
b64442a995a9b13bc92c58cb492ba2ca7a5c8d3a21ac26c6cda19faa42796ceb
GuLoader
d34f87c6a070f4f73344156c16be7040f2932053aea2868e98b0fa4297113835
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
e99c6ae5a08e119d151f0c28b6b164d98ca6fd24d1d91b6f57bdf40f3d688c91
GuLoader
+ 5'073 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n6hjh7gwxa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar d1bcbaf8c9ec8d20d337ff5ead1771eaa5e315d295d8bc63ade1726c16c6535b

GuLoader

Executable exe 29bcd4f06dd92b104f47acf511a47742f03d7eca0321ad099c964954416f821d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376248/
  
Dropped by
MD5 88fc0a0285fba07609a7f58a8adeba7c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d1bcbaf8c9ec8d20d337ff5ead1771eaa5e315d295d8bc63ade1726c16c6535b
Cape
Cape
https://www.capesandbox.com/analysis/6393/

Comments