MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 619bf3fd6586a7cc84f1c3bb1a8a9813513895c10622e74d1f1bd2a37f2fb041. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 619bf3fd6586a7cc84f1c3bb1a8a9813513895c10622e74d1f1bd2a37f2fb041
SHA3-384 hash: 665e40ff90a8ac5f481674778e83c132367183190ba69319a2c59555b198690b7d15355e7f6c6597fe43049c7348cc93
SHA1 hash: 0ca0e20bd947bb8aab13a00701c7c4a7c7facd84
MD5 hash: 2721b6e5b25061c7c7f0c2692e8cbb78
humanhash: london-black-princess-steak
File name:AWB847469799392_PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:20:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 52d3dc51b15b0816d92bda5b2e6e0521 (1 x GuLoader)
ssdeep 768:bYjGMjJvbviBby37By1Ed90vH+2LxZ60JlOVjBKkfuHGMMT6A0B:bcG0ayLBrSdlOhBKkB
Threatray 956 similar samples on MalwareBazaar
TLSH 8D534A5F6D08A953E06087B02D6292A5271ABD285501BF9B7E4C7F1CEB316837DE331E
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: r90hagu.ni.net.tr
Sending IP: 93.113.63.65
From: DHL EXPRESS <noreply@dhl.com>
Subject: DHL CUSTOMS NOTICE AWB847469799392
Attachment: AWB847469799392_PDF.gz (contains "AWB847469799392_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1eXOUurRlnR_-06iT-Tq8Djtl6E3cKA3i

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7446/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIL.8841.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 00:45:08 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mgn7h7lfq2t4zbhryo5rvcuycnitrfobayrooti7dpjkg7zpwbaq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ee39f6cd500940ad97c444778dc717361e01ce5579a28d761aedae86e85af64
GuLoader
57cf4470348e3b5da0fa3152be84a81a5e2ce5d794976387be290f528fa419fd
GuLoader
639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6
GuLoader
753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d
GuLoader
7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
+ 946 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-swzknzv66e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz d1e3b48093140e399929e4c326b16cc0da173747a262c56ef532dd728e9c0701

GuLoader

Executable exe 619bf3fd6586a7cc84f1c3bb1a8a9813513895c10622e74d1f1bd2a37f2fb041

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385253/
  
Dropped by
MD5 5c43df083f052949e1130a9a50d71a7c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7446/
  
Dropped by
SHA256 d1e3b48093140e399929e4c326b16cc0da173747a262c56ef532dd728e9c0701

Comments