MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 837fe7fbfe7bcef79db54bc8cce2bae23f98e7e31d57d1471822892f4aa23df8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 837fe7fbfe7bcef79db54bc8cce2bae23f98e7e31d57d1471822892f4aa23df8
SHA3-384 hash: 2bd61bef7fa0f78051d0ac5500334765c5f21de09f4e6aae777f471d2d24e145afece6f918ff80a8f58c207062dcc258
SHA1 hash: 80da07b3a21b23c91ed7f6b3d8812973f0ef315b
MD5 hash: b7438a3eafdefb996d479f699c24a62e
humanhash: helium-texas-magazine-pluto
File name:consignment invoice·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:03:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ce0b0d7df59951ca3edf177d7521449e (1 x GuLoader)
ssdeep 1536:mNSPfxV408Pxsf/ENgikgrKHxLdGKc+o0FDHdZ1gIfY77R+0o4FKFrUba:hPX8J+gdKVdhjFD9zUIS4
Threatray 923 similar samples on MalwareBazaar
TLSH 67B37B17EC8C8653D5544BBD3E138D793A2CB80948005FEF70796E9BAD722822C9B25E
Reporter abuse_ch
Tags:exe GuLoader TNT


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: TNT Shipment Notification <shipment@mail.tnt.com>
Subject: Fwd: TNT Consignment Notification for 243740512
Attachment: consignment invoice·pdf.zip (contains "consignment invoice·pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=14lJp2xdlyaffdGC2tz0Wc6qHt6uhKVWu

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Lokibot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6461/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:35:56 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qn76p676pphpphnvjpemzyv24i7zrz7ddvl5cryyekes6svchx4a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452
GuLoader
6715e87f7070a2d7b5b2c71e98a7bade689a504aed3b95654af3494248a501d4
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7f7f93ae7c3ce6bd7d154c2e2188bd39c7d511df8fc890e46085afc34acdba2b
GuLoader
aa7170f4c174314d883e1d0a98a14b8256ab63b7ad80dffd45d0ace33ace4580
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 913 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3c5w721pmj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8a822508305a4a3b1e060587878be7b6987e3f32bcc4c47d3254d9dcd5c41229

GuLoader

Executable exe 837fe7fbfe7bcef79db54bc8cce2bae23f98e7e31d57d1471822892f4aa23df8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378974/
  
Dropped by
MD5 2d757f8d2014b95c25b1e59f081c785c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8a822508305a4a3b1e060587878be7b6987e3f32bcc4c47d3254d9dcd5c41229
Cape
Cape
https://www.capesandbox.com/analysis/6461/

Comments