MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
SHA3-384 hash: 25a6561279bb8c2f9c70890f2e138fec28ff373d7d1a66cfbfdd0c67094fe82c606af4c14fa4b7a4adab4c41c79a204e
SHA1 hash: 31c9bea731a28c9b0443eb56122ddc900f5fb6cd
MD5 hash: 978586902a99c11978667d2de997c1b9
humanhash: asparagus-mike-jersey-minnesota
File name:Shipping Doc_PDF.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 08:08:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ca794629b70cd32802276a1c3d7f770 (1 x GuLoader)
ssdeep 1536:/24BhAT35RMDANw1/R5KdjVhd4wGuQmV1GTmROgZnuvv5y98cnkEuZw30ABDBSBt:u44T3wDA8Ci80oknDF
Threatray 219 similar samples on MalwareBazaar
TLSH D4145B36B326DC73DA5450B0D8D1C9F41861BD14DA078E2772D0BF2E7ABA387A916732
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5843/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.27817.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 08:33:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
1e27314c6b097bdd158c3438bc48704f681a20d723fc2185bf431e67f8b56e9f
GuLoader
1ea235444a0510aeabcc31b2092268c3d0d12d82130ad2cb4b9024246e54186b
GuLoader
2eea12d417bbdbd859dc38307e5dfa3e90720865c81bc8ff99af0916d65e1a03
GuLoader
692cb1e4b283f3867882eb2443593545b7a822ce0cb8787c138aac6da9f6e46f
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
742fa567f6c1b57e2d73442cd06817027e09ac33b4cbdbafef0cd462e9bf6343
GuLoader
770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba
GuLoader
823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70
GuLoader
f5e259dd4c72111e39df8ac18a4e3307e95e701a552d1c96faa648bc094ae468
GuLoader
+ 209 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-aawclz399a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace de351e893057bf956bb478f1c21c90185bef430391b464f104b237b74e17dc1c

GuLoader

Executable exe 2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286

(this sample)

  
Dropped by
MD5 ee46e45b569110c577be0996dbe8f031
  
Dropped by
SHA256 de351e893057bf956bb478f1c21c90185bef430391b464f104b237b74e17dc1c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5843/

Comments