MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
SHA3-384 hash: 9601c300fcea1da50161050c005847b8967228c0d6d033cb39c47c11354df40ab52d7c223b795b0c6950517049f17659
SHA1 hash: 9bea7460f3b516114dc0f2ab024a5f635dea54c1
MD5 hash: 886b0f003148a7822721f4afd76f042d
humanhash: quiet-lake-ink-mike
File name:Document.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 17:57:02 UTC
Last seen:2020-06-04 04:51:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2e5928afeb4b3419d6bda7269485820a (1 x GuLoader)
ssdeep 1536:iSPfxV40IAoONkgrKHxLdGKc+o0FDHdZ1gIxTFrVY5eZHbd6z:zPXmOVKVdhjFD9zfUeZYz
Threatray 5'107 similar samples on MalwareBazaar
TLSH 75B37D07EE5C8113D1888FF92D129D7A7B1CA90A0D011BEF61367E9BAD315832DAF61D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.northern-safe.com
Sending IP: 45.95.169.178
From: "Nicole Gapes"<info@northern-safe.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Property Purchase & Leasing
Attachment: Document.zip (contains "Document.exe")

GuLoader payload URL:
https://pinkbroadband.in/images/blog/Thumb.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6407/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 18:35:32 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aiiymxkyv43l4iaj5mu2o6saank2js33qvbnmnm2n6rqjq7x3e2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0df0a487b38b5d9bdbc8e2c05ba4c639dfe09969f5f68c85da43b46c16a48f6b
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
18dc7ad4fd5ffd0ec8b8f12884b41f3ace4e2ba95f704175ebf0a0eead74ba36
GuLoader
27d591d9f4f1c5c4f3f6ae8f975b1a0ed7d2ffb5277348e59cd32ef5c57e6168
GuLoader
560c76df97fdc5816fa9310921082a04b44b781e60bc77f84b970df04a36d1f4
GuLoader
5bc45e4356d18725afcfadc81b15317f2144140baa77b893a8732acdc689f43b
GuLoader
6715e87f7070a2d7b5b2c71e98a7bade689a504aed3b95654af3494248a501d4
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
cac635b83d0ee884f8d8bbce419b4c9d13273f4a10c450c2ea50830dc683e3ac
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 5'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-aszjf38vr6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 6c595a31e152cd5dba3b62163e898f6beff297c08747fff329e0b24e94fe2cbb

GuLoader

Executable exe 0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935

(this sample)

  
Dropped by
MD5 91a72160cdb38fb73f8a5249fedf88eb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6c595a31e152cd5dba3b62163e898f6beff297c08747fff329e0b24e94fe2cbb
Cape
Cape
https://www.capesandbox.com/analysis/6407/

Comments