MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 686dbdd1993e0a6efdcdf33f20d8538f200f8166c57db016cbf342d112d396bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 686dbdd1993e0a6efdcdf33f20d8538f200f8166c57db016cbf342d112d396bd
SHA3-384 hash: 6e7f9f79775b70d0804a0dfc701d52d6f2f6535abd7b27f401e81091da68d2a182a2d1993ac831d580bdd3ae8637a73d
SHA1 hash: 068f580890dfd9677a296e5ce9b45fa23a73f5ae
MD5 hash: c3f1a4bed35eb120be24221299a3579f
humanhash: oxygen-table-summer-failed
File name:DHL invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:131'072 bytes
First seen:2020-06-04 15:54:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6f01493eedb854f6da913d3ffb528653 (2 x GuLoader)
ssdeep 3072:/fEcuDyn7SnmjHotk3PV55hkXum2rDadJR:/scuDXmjIS3PV6wDaj
Threatray 684 similar samples on MalwareBazaar
TLSH 2AD36B033D59CB15D18519F17CA39C9E36176A089E402ABF10A4AFFFAD701A1ACD672F
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: The DHL MyBill Team <track@dhl.com>
Subject: Your latest DHL invoice : USDEFI001454105
Attachment: DHL invoice.rar (contains "DHL invoice.exe")

GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6569/
Detection(s):
Win.Malware.Guloader-8002906-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 15:30:59 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nbw33umzhyfg57on6m7sbwctr4qa7algyv63afwl6nbncewts26q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
18dc7ad4fd5ffd0ec8b8f12884b41f3ace4e2ba95f704175ebf0a0eead74ba36
GuLoader
560c76df97fdc5816fa9310921082a04b44b781e60bc77f84b970df04a36d1f4
GuLoader
7bdb44b6363e3b185573f4c7e08e78201174fd692f18fc2882a95f8ba455bb5e
GuLoader
82d32f5841ba04262e4b1a15d798cfbd69a4bc9ebd37caf3573818e7a2140639
GuLoader
898abdb2d9de0344e5b43ac7e4330faeb03d97aa0a3c37e0a37da0ed4d732e9b
GuLoader
96487abb17fc905506f1be48d51ea17bb652515d8e5f40a4f524daebe98a6efa
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
b0ce5ad453b8b2f97ba703734dec8df10ba2182e617056461b2bf143abd6e8b8
GuLoader
c1ffff1b0912fbb00db8b8eb08b6c181a924a31cd806257604980be2d371092c
GuLoader
d7e975690cea31ddff67f92f89ee45cf24f09d9e3f7e91b8f3ee6305d23e52d5
GuLoader
+ 674 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kyb725tyl6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 723712f4ccf1b680329260d9674a19f1ce7485111e8429224cd03b18977585d9

GuLoader

Executable exe 686dbdd1993e0a6efdcdf33f20d8538f200f8166c57db016cbf342d112d396bd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Dropped by
MD5 30c40c0b62db499a8b67e6665e169559
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 723712f4ccf1b680329260d9674a19f1ce7485111e8429224cd03b18977585d9
Cape
Cape
https://www.capesandbox.com/analysis/6569/

Comments