MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2679b68e7d2bc1eff0bb4969fc23081d38f08b72510107adcb18a2ffaa9ffca8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2679b68e7d2bc1eff0bb4969fc23081d38f08b72510107adcb18a2ffaa9ffca8
SHA3-384 hash: df652ffc147835cdbab9fb32aca749267c58ecb9a73eeb148bf6d925eba73f1450bee956ee0b10c0bb2cfc0240b750ad
SHA1 hash: 864bcd9ec5cefced9ca6d84cfe50b8d17fde90b5
MD5 hash: d6037b635c45d8c93f899af6864c87df
humanhash: carbon-october-snake-violet
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:54:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 876888dd6ba8d0ba855ae2c5c2cb366d (1 x GuLoader)
ssdeep 768:JFo2KLVJzhIMNG1OsW6j8A6bcBFIAHf0rwP4xS6ab4/5Odm8:JgLV/D6j8XbcQLwgxsb4MD
Threatray 91 similar samples on MalwareBazaar
TLSH 49934B42B2D8E576D71A8EB06B6AB798406BBC306D41CD0775D47F1E2A33F12E82531B
Reporter abuse_ch
Tags:GuLoader TNT


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: s01.id-svr.net
Sending IP: 103.52.144.60
From: TNT Cargo || Jakarta Branch <jplawfirm@jurnalisponto.co.id>
Subject: CONSIGNMENT NOTICE// NGBKHI20010274 2X20GP//TNT#KTW 886114/2020
Attachment: BPN___023928390511026.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 01:43:01 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ez43ndt5fpa674f3jfu7yiyidu4pbc3skeaqploldcrp7ku77sua._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04f9b7ca41ecf60e77f0a4a2c38a644c02b913b6958e0c22c0fe2773dbf7acbb
GuLoader
35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
GuLoader
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
GuLoader
4f965aee8b694528d2d11d5a80eeee466959650ffcd12b5f0fc28d3a11709e27
GuLoader
53e239b6031b90ba0da5ad4913eccc1d651ede3bb4b5c21a02d81387f48303d6
GuLoader
720004239ef0cb716b2f0d8793cfe7fb06d408cd5c598a6c726aab7f21c0bad0
GuLoader
7b0eeeb2adc3fe44102752fbe9a4ed08b3e3bf07fe633f9c3f4ab67eafb6e0aa
GuLoader
87fdcca436e0e9e220acb51332720668c04460d48d1791368e734c1539bd1f77
GuLoader
8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
GuLoader
f8707020bc0b78ae0fab3bd9794993c4cae406d9f13fcb6098f3321cb6bba515
GuLoader
+ 81 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-611m8a7bzs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 39d856875880e8470714858bb8c94f821a43a709e472578a06f374069d578d82

GuLoader

Executable exe 2679b68e7d2bc1eff0bb4969fc23081d38f08b72510107adcb18a2ffaa9ffca8

(this sample)

  
Dropped by
MD5 26181bb8ab8819c519148b88cc5de845
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 39d856875880e8470714858bb8c94f821a43a709e472578a06f374069d578d82

Comments