MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e03857d8092046a029b954a11b54103b24199258979fb3b78cccb8bcaf627ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e03857d8092046a029b954a11b54103b24199258979fb3b78cccb8bcaf627ec
SHA3-384 hash: ab4b061632f9b0260a656a13ac22b4ac0dcb373c249f634584bd6fa1db64ae1ffddc4d306ca7b3b6a6a0e509fa8d13d2
SHA1 hash: 5635c1cf2c9816db2969d93298cb45da0b647419
MD5 hash: baf7c927f07147359d538fec809822a5
humanhash: michigan-nuts-magazine-alaska
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 11:42:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 19114a75e2fb2ef0eb56f7d98efab6f3 (1 x GuLoader)
ssdeep 768:bOWJGMjJvbviBIifAhaID+vBJSxTwxEDC+wRN8eB/OXcnVl8uuCG6CFNT6HBD:bOGG037hapBkxExEgBOsnVl/
Threatray 961 similar samples on MalwareBazaar
TLSH 7F536B6F2E489453E12187B02A3282A56719AC284005BF4B3E6C7F6DEB711C37DD332A
Reporter abuse_ch
Tags:GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: newmail.inforang.com
Sending IP: 114.108.163.181
From: TNT Consignment Notification <Admin@tnt.com>
Subject: TNT Consignment Notification for 243740512
Attachment: TNT Consignment Details_pdf.gz (contains "gunzipped")

GuLoader payload URL:
http://bijelizec.hr/download/KEL_YrgDx38.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7531/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:44:06 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bybyk7masicguau3svfbdnkbaozedgjfrf47wo3yztfyxsxwe7wa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
3631b6f02663cc48d6ca8a8396a168c0d0204326c8d3ff66b25e013c7e8d5f93
GuLoader
4b1798ea1212bd8c50d111f5124660ca4c7288a1c11129aece16c279a11ab3b3
GuLoader
698435e03511a280b49f016d506f4e8f3ade4d777f294925ddbcb333d6d4853a
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
8507e59e99aeecfdf0c8da8742848a0773c3493d038caef65a04bbe6969dffb7
GuLoader
8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dc9313eb1e94d26aae9ad9f8e5310589092b1a29f0436017417c3ad3e4f42e0d
GuLoader
efb0614d2ed991a28fb923ed15a74ecf24bbaea76e767f16213c752962c103df
GuLoader
+ 951 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-q9rm8xcgq6/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1

GuLoader

Executable exe 0e03857d8092046a029b954a11b54103b24199258979fb3b78cccb8bcaf627ec

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385331/
  
Dropped by
MD5 dc8600f1cea11631a1ef9a12220bcd5c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 212ca23b19aef450d7619d0b8675656923904fa74c055679a02273d32d8b20b1
Cape
Cape
https://www.capesandbox.com/analysis/7531/

Comments