MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630
SHA3-384 hash: 06274ce35fc2c88814eb2b967b90c68992458901e282ffa1587cf0ca03d47e4ed20355d743f24755fb3aaa28eced4ff0
SHA1 hash: caeaa037345a10ccf92b1ce6d8991926a1081152
MD5 hash: 0b4ad93a28f6e7a646ac60a4aee4c81e
humanhash: zebra-east-mirror-tennis
File name:shipping documents.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 10:47:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c4b5a5b676e583a558539a0e764d58bd (2 x GuLoader)
ssdeep 1536:BSPfxV40tdMkgrKHxLdGKc+o0FDHdZ1gIFYND7/LokP6Eg7X:UPXtIKVdhjFD9zeVBG
Threatray 1'113 similar samples on MalwareBazaar
TLSH B8B37B07ED8D8613D14487BC3D178DB93A1CB91D58001FDFB536AEABAD312526CAB21E
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 162-241-235-200.unifiedlayer.com
Sending IP: 162.241.235.200
From: DHL Express <support@dhl.com>
Subject: Fwd: DHL Shipment Notification : 7348255143
Attachment: shipping documents.zip (contains "shipping documents.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=10qkByuKJTKPBBfrfbhda8Oq4K-U1IQr5

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6516/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 11:35:55 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q57til5ho66xbqjqrnkf3wx7nzyntkeebsazoe7dj7hpk3ttmyya._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
85a40f3f59fb797494adf184b0dbee2b3d8089e9686b9f484c5242c5a75085a9
GuLoader
a2f0a1d469d73a11c69afc9eb12000fa7f7652305d936a10d12dabce693f878b
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 1'103 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-akjxymmxcs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip b19065c90768d04680ed1bea9d22ca6c7bb31c72bcc677444e6d479041ba2673

GuLoader

Executable exe 877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376036/
  
Dropped by
MD5 36c0093703448bc2f0d05dc105c8f66f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b19065c90768d04680ed1bea9d22ca6c7bb31c72bcc677444e6d479041ba2673
Cape
Cape
https://www.capesandbox.com/analysis/6516/

Comments