MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5a8995e3a1c868d8f0b0c0840da1909c7fc2240699ea41a35bb04f7f8b04c9fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 3
| SHA256 hash: | 5a8995e3a1c868d8f0b0c0840da1909c7fc2240699ea41a35bb04f7f8b04c9fd |
|---|---|
| SHA3-384 hash: | e7716d3a098236a5209c74c3add4a03c92aa8e995d839019099093f4e8acec509519ba15381d9814d86c1ef1cbbbf50c |
| SHA1 hash: | 4103696b1f804cb245cdb9f504b70949405a2849 |
| MD5 hash: | d554dbffe67a7a7604b870c14ad07724 |
| humanhash: | london-one-autumn-hydrogen |
| File name: | gunzipped |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 192'512 bytes |
| First seen: | 2020-05-28 07:33:05 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | cbba53f257288a56de950e840a79f017 (2 x GuLoader) |
| ssdeep | 1536:gUNdO5EU4c1elpFxbdcQOI9en55XO+/lN6R8CkqoG0yEFdfTBzxEmumct1/dVEA0:fY5Efc1kf7r7/1neT/0PC |
| Threatray | 115 similar samples on MalwareBazaar |
| TLSH | CD142A33B616DCA6D98008B0ECD2E2F82455BC11DD17896B7281BF6E717A1C39DB532B |
| Reporter |  abuse_ch |
| Tags: | DHL GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: mxserver22-out7.masterweb.com
Sending IP: 103.25.223.216
From: DHL EXPRESS <info@cn-nakareg.com>
Subject: DHL BILL OF LADING SHIPPING DELIVERY NOTICE
Attachment: DHL_AWB.gz (contains "gunzipped")
GuLoader payload URL:
http://baritaco.com/build_VZiETVXFTj172.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Fareit
Status:
Malicious
First seen:
2020-05-28 06:16:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
15 of 31 (48.39%)
Threat level:
5/5
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.