MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19
SHA3-384 hash: 6f46aece8166129cee4fb4a94917fec037d6d054a82127de50fb4225cf06d7277e6b963a1ee580a31e507fad43f1e3af
SHA1 hash: 100644dc6cc787353eed38b118a0e9819a2eb8e6
MD5 hash: 5c71ea0375eb371b01f2e4aac6e40d26
humanhash: berlin-nineteen-mexico-maryland
File name:DHL invoice USDEFI001454105.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-04 15:54:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 30aacc0e268de862abe7c4da5477dcaf (1 x GuLoader)
ssdeep 3072:ufEcuDynWfxVyVNpjHotk3PV55hkXuPky1yj3i4RVGea9QKO:uscuDrfi9jIS3PV6fy1yTi4RVGea9Q
Threatray 5'109 similar samples on MalwareBazaar
TLSH EDC39C073D5DC342E0410AF13C634EAD3A67AA1C8D949E6F204AAEDFDD752526CEA11F
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: The DHL MyBill Team <track@dhl.com>
Subject: Your latest DHL invoice : USDEFI001454105
Attachment: DHL invoice USDEFI001454105.rar (contains "DHL invoice USDEFI001454105.exe")

GuLoader payload URL:
https://qif.ac.ke/kayP_zzZBumFpCL90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6572/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 09:51:24 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=moocrtexvth7xcusue5nkblnukttsqq66slf45upuvzvnjtilumq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
5c70123d1edab1b0a21e7739eb78134aa2dcac1edf08fab8a365463b4d1070d8
GuLoader
845f37af5c185070659d6a1567091c612a7f4363bbf0e93192f099967d6d8cc2
GuLoader
991289640d200976fd319f76f9acbbf7f3e304b24b5117cb8da23bcf091b2a06
GuLoader
a85f53a7ad2f536d245e47535007f2bceacfa10f08d7f3f6568781dd1794caa0
GuLoader
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
GuLoader
+ 5'099 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7jbmr9a5px/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 5ea3a880de4fbe0e6de406094fdd861c867682793e37c60b6d060b1b595263c8

GuLoader

Executable exe 639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365990/
  
Dropped by
MD5 cf65484543acc81d621f2a2222286d35
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5ea3a880de4fbe0e6de406094fdd861c867682793e37c60b6d060b1b595263c8
Cape
Cape
https://www.capesandbox.com/analysis/6572/

Comments