MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b264d7bac7b64c40d89c0e35016ce95f78a90f4f098fc3c1116217c98fe544a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 6b264d7bac7b64c40d89c0e35016ce95f78a90f4f098fc3c1116217c98fe544a
SHA3-384 hash: 6088f4d2929f423fd3e7ce1d0931178894d7f2a07d8f0d0873196034d9efbd61227b7c7900b0e33d59edfbdd4baf66f7
SHA1 hash: bd37927c31341e20565c50df20691f1ed7740657
MD5 hash: 53db4de1c74137963ea8a8da4cfe02a2
humanhash: aspen-robert-pluto-carpet
File name: AWB _DHL EXPRESS 3245888693.exe
Signature: GuLoader
File size: 131'072 bytes
First seen: 2020-06-04 15:55:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 97f6cd69e0b3d708eabdb9b8c564bbce (3 x GuLoader)
ssdeep: 3072:KfEcuDyn92mjHotk3PV55hkXuPa3Au3ZV:KscuD0jIS3PV6nAuJ
Threatray: 934 similar samples on MalwareBazaar
TLSH: DDD35C032D59C716D08519F07CA39D5E3A1B7A189E402ABF1094AFFFAE70291ACD671F
Reporter: abuse_ch
Tags: DHL exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mx2.aroelevenhost.com.br
Sending IP: 192.163.198.161
From: dhlemailship@dhl.com
Subject: DHL EXPRESS AWB 3245888693- Shipment Notification
Attachment: AWB _ARRIVAL DHL EXPRESS 3245888693.tbz2 (contains "AWB _DHL EXPRESS 3245888693.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1D6qGXWOrExPVmfqezQuXaOYUJcZXCVf_

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 12:55:22 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 6b264d7bac7b64c40d89c0e35016ce95f78a90f4f098fc3c1116217c98fe544a (this sample)

Delivery method: Distributed via e-mail attachment
