MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d4cf3aea3811e50188b9420eae68de18006627f4dd86719459d99ad41d49291. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

SHA256 hash: 1d4cf3aea3811e50188b9420eae68de18006627f4dd86719459d99ad41d49291
SHA3-384 hash: 1952b196ee046323dcbd6bf7ff72997479de5ed57c41cef44405e246cf00ddc146981e3ef9778208b5b14923c7c4c6ab
SHA1 hash: 7c0381e6d33dda470af8e46643320170d804803f
MD5 hash: 72a520cbabe7b364eb0a64573442773c
humanhash: hydrogen-five-kentucky-lion
File name: Order CVD-7104618_pdf.exe
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-06-04 17:21:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5e4d32787be169e941f5f3e2702d4d0f (1 x GuLoader)
ssdeep: 1536:LM8DrdLtwkVc0qTAowDwvU2ESTrHsSNr06QQDWuAmD:LxrdhDVpqTCEwST3C+6mD
Threatray: 1'941 similar samples on MalwareBazaar
TLSH: ACF3091BB90DC78EE2048AB1F97251F40A79AF1BE4416D2FFAC0FE1DB4B024D24955E9
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: fastmail.com
Sending IP: 172.241.27.139
From: Nancy Anderson <dannysanders222@fastmail.com>
Reply-To: dannysanders222@fastmail.com
Subject: Order Receipt CVD-7104618
Attachment: Order CVD-7104618_pdf.img (contains "Order CVD-7104618_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1SRYKGO5xpgYZAxKdiSGlMnssBLKY3VcQ

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 17:36:04 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 1d4cf3aea3811e50188b9420eae68de18006627f4dd86719459d99ad41d49291 (this sample)

Delivery method: Distributed via e-mail attachment

Comments