MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
SHA3-384 hash: f7675598a6af9a3047daca7e8f72eff66c8681ba7973d6237b1bae9be136bd6b4b341fb7bdfeded31681a37c22246a75
SHA1 hash: 967560af9ea597d994caa0aa9275e9d7b6ad85d1
MD5 hash: f1f21545bab6f3f86f04f6dbfb0c022b
humanhash: four-coffee-ceiling-floor
File name:DHL_AWB# 9284730931.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 17:26:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a0eec2bafe1ee6577e0380babdbeaa85 (1 x GuLoader)
ssdeep 1536:sGSPfxV400chnGkgrKHxLdGKc+o0FDHdZ1gInCKfwOto1JU4o7w1/:SPXAKVdhjFD9zj7f3mW4n1/
Threatray 5'102 similar samples on MalwareBazaar
TLSH 8AB37B07FC4D8553D1448BBC2D178EB93B0CB82D49409BEF75396E9BAD31642ACA721E
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.gtrit.com.my
Sending IP: 103.18.246.122
From: DHL Express<eawb@iddhl.com>
Subject: EAWB Notification
Attachment: DHL_AWB 9284730931.rar (contains "DHL_AWB# 9284730931.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bi

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6395/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 21:48:14 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rfph5bpdtctl2nqvvbctyhwsdf42ez3pvbfpbzjqo5rv7ajlmt6a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0afe73609922b94ffb25f673db3b621befab30c7f52cd586497b63f8154dbd6d
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
7e93dde14915a790ba530c8df9aafdca662a2372210036abeeee86b9b7cb5c4f
GuLoader
b3ffcbb8279a9fd2b833c99170fd8cf01f9b5209617840dd8cc4411989d5e479
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
e09c2eb3f06cc722f1035d501755645c3feb569441f465ae3ba69aa4aba6ffa1
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'092 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qnc9w1tqrx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 46b792edf7ec7103e085c18f431fe9478710157825d1d87c1789ca1dd7631990

GuLoader

Executable exe 895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc

(this sample)

  
Dropped by
MD5 a83024ccaca2285925ce6306af909c7a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 46b792edf7ec7103e085c18f431fe9478710157825d1d87c1789ca1dd7631990
Cape
Cape
https://www.capesandbox.com/analysis/6395/

Comments