MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 dfc7dc8fbb5ca4e70bd22acc87b2c43c507e7967341974504a255554963fac1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | dfc7dc8fbb5ca4e70bd22acc87b2c43c507e7967341974504a255554963fac1f |
|---|---|
| SHA3-384 hash: | 4d9e71891469f39a2ab7cfe8ab5a2bd90b6b32744b22485722901a320dc7ac961bcb9684127a3c2c4bd70c63d79c80d8 |
| SHA1 hash: | 4430a92b40159e7434904e90a9ce83803ca15f08 |
| MD5 hash: | fddce2578f2c238ed01f97ac3ea972f3 |
| humanhash: | violet-west-echo-lactose |
| File name: | Purchase Order Updates thyssenkrupp Materials Australia 900-5400006911.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 114'688 bytes |
| First seen: | 2020-06-04 06:04:01 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 8a2704017196ea743c1c539aa1a85c59 (1 x GuLoader) |
| ssdeep | 1536:OwSPfxV409WbQtYui0DkgrKHxLdGKc+o0FDHdZ1gIfRZpzjlO00UzihbwJr:qPX9WbbkKVdhjFD9z7Rbcqlr |
| Threatray | 5'122 similar samples on MalwareBazaar |
| TLSH | A8B37B07EC8C8A13D0548BBC3D578DB93A1DAD2949012FEFA1796D9FAD353412CA721E |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: Sales Manager <mark.geyr@thyssenkrupp.com>
Reply-To: mark.geyr@thyssenkrupp.com
Subject: Fwd: Purchase Order Updates / thyssenkrupp Materials Australia / 900-5400006911
Attachment: Purchase Order Updates thyssenkrupp Materials Australia 900-5400006911.rar (contains "Purchase Order Updates thyssenkrupp Materials Australia 900-5400006911.exe")
GuLoader payload URL:
https://qif.ac.ke/anyii_DbAFfSTiIS190.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Trojan.Fareit
Status:
Malicious
First seen:
2020-06-04 02:13:56 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 5'112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.