MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37
SHA3-384 hash: 56554de075241fcc6572897b8b923b8eacd569bd438039eb459476ec2becd048376ba7e6eba7b0f12e48c76dae55388b
SHA1 hash: 38df15cb268f57c110d8bb8c187492d4af7782eb
MD5 hash: b4e1b4bad261f51f70c12abcecb102ce
humanhash: florida-snake-hydrogen-pasta
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:06:21 UTC
Last seen:2020-05-28 08:22:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0bc47668843deb03784037378aa6fdf9 (3 x GuLoader)
ssdeep 1536:uALWBEmdem/3C0HbAy4Oz0H4UM1x6XF2BD/BHBk2+E7+SrY69HE:ZLWBXVfvH8yxQRM1GkLBvg
Threatray 679 similar samples on MalwareBazaar
TLSH B4143A237A2AECB3DA4504B1D9E1C9F81859BC24C817897B75C13F2E35F5182AE76336
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mx3-dti.idweb.host
Sending IP: 202.52.146.81
From: Poladata <poladat1@poladata.co.id>
Subject: RE: RE: PO32008 CT
Attachment: PO32008 CT.gz (contains "gunzipped")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5798/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMDX.25121.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 22:36:23 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
14ae7654cdca531998549d66f162a7d82ddf752289c6f599f3d2e8b7d5b918b4
GuLoader
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
2df7880f7255e5944ae288c0bf24817085bb1a8291257d061f09919746095286
GuLoader
41b0a4eba05ad382e109d412680e4a5a636cbc7dc6928c5de923d689f070ece4
GuLoader
770dd4f21e05b0212382997ba4de342c4afc663c2867867432ca06cc9e93bbba
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
823a4cc1becefc6e8d75c478a8f79fe78852c3ef68e4801ab6e198fa34084f70
GuLoader
8b04dcca28022f6065a0aab229d6fb466ae313dc5dda21b0a7222225d0facfd5
GuLoader
daf9a22fa4f5634d74b6b04e7eb503ac16ccc3787d51b161d26a950d7733008a
GuLoader
+ 669 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-23t6rpshk6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz b3c12c7a9d19a2615a745e3499803d1c3cf21c5d8f3b741ca93f6a0a978e8456

GuLoader

Executable exe dbe3adc3ffef68644b53d19190b59e28e31b6caedb7ba852ef2158e662921a37

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370271/
  
Dropped by
MD5 646b4e54ceea9f4ca85f867f1ccfc6e6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b3c12c7a9d19a2615a745e3499803d1c3cf21c5d8f3b741ca93f6a0a978e8456
Cape
Cape
https://www.capesandbox.com/analysis/5798/

Comments