MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6
SHA3-384 hash: 10f4931aed5360432250a976da6b5ab118e54c303206b454594328ad2ac0ee1a1213c8ef9c288662d7ae8337211d97b1
SHA1 hash: e6c7a9f0b899e08906255952d95e0554cb810713
MD5 hash: 0f4b61fea912079a7df276855d48b96a
humanhash: aspen-illinois-five-vermont
File name:VERSANDDETAILS 12-05-2020·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:53:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5edd5532cbaef0571d77606bc6ac2045 (1 x GuLoader)
ssdeep 1536:NwEB1vbpUNBOUQ3lLeArrPvclP0qtG0Ea8kqD48:ND1gPt2
Threatray 1'973 similar samples on MalwareBazaar
TLSH E5933A07B5D0EA73D2199DB07B25EB980576FC305A1D8C4775C03B6EEA36E12B52132B
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.cnidcloud.com
Sending IP: 198.38.86.192
From: trackandtrace@dhl.com
Subject: Aktueller Status der Sendung mit der Sendungsnummer 39514496922
Attachment: VERSANDDETAILS 12-05-2020·pdf.zip (contains "VERSANDDETAILS 12-05-2020·pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:19:57 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kprdtnqddoiludnfvverh3gmdvsr5xr3ws24egqc3ajyp5edapla._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
010178bde9e8366d4f93c28ab8a65a7acb802353f9370de9a807ed621fa3d24d
GuLoader
23f8a240f24779895ffce4e489da04e8cc2c705b2311e13a44432a6ef1b1b430
GuLoader
2786efe3773e80f8c604fcc48b4f24911d86c7d5b1df5d19c4e17b1002255e64
GuLoader
7ba1021aa7ca0d20da2e205ff413a3153f4f3bb444a8a2bdfc0d97d3348b84be
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
a077d38903221c844f9f20a8c6e022a3242445b85faa55e8e650b7a727e048ae
GuLoader
ceaa099f2a2de97a363ef5f7cd4e42fc5f362113a470db75d69848e24a52b14c
GuLoader
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
GuLoader
e7e511b27ab7c95f959c45346cc2e4d79251e238e8e57df181be987036bfcdf5
GuLoader
+ 1'963 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6dymysqbe2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

85d862945edc862e62e8e4aa061dd725

GuLoader

Executable exe 53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6

(this sample)

  
Dropped by
MD5 85d862945edc862e62e8e4aa061dd725
  
Delivery method
Distributed via e-mail attachment

Comments