MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
SHA3-384 hash: 3475be63ec259cdb94a163091bd2219609f48b08635b598df0023fb5e0ead7241a405a6d7782a6d2039bdb53b84f907a
SHA1 hash: 47d1e80490af53a4b5cba413e3db660d8f54744c
MD5 hash: 5b437a21d4c542518f33356118540418
humanhash: hawaii-sink-alabama-low
File name:AWB 0198273-20-05-20.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:38:58 UTC
Last seen:2020-05-21 09:51:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c10e381e463a9db29aead1c4c8685a2c (1 x GuLoader)
ssdeep 768:wnl7qzhKD/SUoItF4H7w78vVx9QolnwmDC3874jjxDcVNYf39zYm/R:eIglo9w7mQolnFDi87AgvmZ
Threatray 622 similar samples on MalwareBazaar
TLSH 05A31660F660DD70D91582BE1F974A64925FBD740852CB8B70C7BB8E29F2AC2F52134B
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.214
From: Notificacion DHL Express (ChiIe) <notificacion@dhl.com>
Subject: Notificación de DHL Express:Tramitación deEnvío (Guía Aérea: 8158025864)
Attachment: AWB 0198273-20-05-20.IMG (contains "AWB 0198273-20-05-20.exe")

GuLoader payload URL:
http://kuroilersuganda.com/bin_OBmivft151.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.31401.1903.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 09:36:38 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wzneeujemxec3acl3nlllypggox2ivy2edogruyr5swuvd6dmvgq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
GuLoader
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
GuLoader
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
GuLoader
8fc12c74c5af599fd99d302b2429d8c8a5d3a5d243d7941758fda223ee3cb7eb
GuLoader
b4c38303fd0ec6723132e2bc5017904720211a5e660d4e8a722707c7d4214586
GuLoader
c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d28f7e29c76ea32e8a690122a4d729408136d83a70ac491231b7458c740c86a5
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
+ 612 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-w4va3ddnw6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img baa9599e5b36cd3b96cc844f0f87ac8c256f3265a8482e47ead87015002d75c5

GuLoader

Executable exe b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365697/
  
Dropped by
MD5 67d8d4b8de07d622b568aa93f64f6616
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 baa9599e5b36cd3b96cc844f0f87ac8c256f3265a8482e47ead87015002d75c5

Comments