MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89d98c4ec833d8a798f26dd15eda6e7868972d52da8074d756b47f682e9f61e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89d98c4ec833d8a798f26dd15eda6e7868972d52da8074d756b47f682e9f61e0
SHA3-384 hash: c496c2ca4490682ef938a1dcff99fecec026fe10c5702326bd8dd9698dbb6432511abf026cbefdff7775a561ce6b127d
SHA1 hash: a45245d74ebbf2ab5c06c2203d5f9fe7e61ecda8
MD5 hash: 10c9a9eb6d7ecec186f1374fbd8d87a3
humanhash: black-fillet-lima-sierra
File name:Consignment Invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:18:52 UTC
Last seen:2020-06-08 10:22:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f8abb5f76394b0ebca76f5223901b477 (1 x GuLoader)
ssdeep 768:zbysfNpuRnnPilTjATMEpujz6RNfj/DyPUqpTkRXQJtEWx4Be3KOCBqSezPgbsCl:zbysFY6TjMLuzE0PFp0goKKsL
Threatray 819 similar samples on MalwareBazaar
TLSH AC73AE176C08C6A2F09046B069D6C7861317EE285D066E4777A96EAFEC346C3ADF132D
Reporter abuse_ch
Tags:exe GuLoader TNT


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.565.zizospanltd.casa
Sending IP: 178.128.28.120
From: TNT Express Delivery <invoicing@tnt.com>
Subject: TNT Express Delivery: You have a package
Attachment: Consignment Invoice.iso (contains "Consignment Invoice.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6959/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.29167.7323.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 01:46:37 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rhmyytwigpmkpghsnxiv5wtopbujolks3kahjv2wwr7wqlu7mhqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01563eeff9cd4cb84253c2c9bc40762d118780ab89c6c7b82ce9c9cf0a56a818
GuLoader
059adc86fc6f66c311937e2fd4910fa9d07d55b1897daa608bfb54e01f655257
GuLoader
1a96662a743a681756e4ae5ed7a3d259cca5a50725413698c1769939a950b455
GuLoader
8697eb117ba4ca2b18a9a7bbdcbd201cc062e2e79ccbc9d8ea785baf5b868657
GuLoader
923a8eab7773b5be5e3e380de1505a2c6c71f7b82329e9f3b3ff1461dc057610
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
dc0f8133b1faa0245779e8294421033ae567c11be58f5bb86eb65ad3d67bb8ae
GuLoader
e3bdb2a06e43b09073cebd4f7a7fe633d45d1c6d149885f7b815cc591fe3b453
GuLoader
e64a40c05ac395f8751ac149772087476c75ae46a7e7831fbd00b20fd3edcf99
GuLoader
eefab144fefdb2883084329ab3755717ed6882b348eea18aa611a0a446c39f69
GuLoader
+ 809 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xqbqegpcbj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar a8f4abfc3a0229df9fac1624288fc794048c80cb72247a04ca3378a7816546bc

GuLoader

Executable exe 89d98c4ec833d8a798f26dd15eda6e7868972d52da8074d756b47f682e9f61e0

(this sample)

  
Dropped by
MD5 1cfb050f40698e01228fa3ba0aba796a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a8f4abfc3a0229df9fac1624288fc794048c80cb72247a04ca3378a7816546bc
Cape
Cape
https://www.capesandbox.com/analysis/6959/

Comments