MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
SHA3-384 hash: 92a8e680a51109d1ceecf8e70a43d7c41e4147879b8956ad81931a92dc8e26fe81f65e10f79300017f9ae72a485a03de
SHA1 hash: fb8bd0429d3b455459ae3fa59c375b83640a4293
MD5 hash: 10b77896ae596abe27f1979d29bd4a6e
humanhash: foxtrot-tennis-nineteen-stairway
File name:DHL_AWB - 4626263633_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8cc493c0bb11a0208043af05a0e1deb9 (1 x GuLoader)
ssdeep 1536:yYSPfxV40/PsZq4BbkgrKHxLdGKc+o0FDHdZ1gItpKPqTT+otDDcI4Wp:ePX/POq4FKVdhjFD9zpWI4W
Threatray 2'107 similar samples on MalwareBazaar
TLSH 03B36C13EC588953D2544BFD3D538DB83A1CB91D49002FEF61796E9BAD322822C9B25E
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mails.abidjiaintl.ml
Sending IP: 193.142.59.76
From: DHL EXPRESS© <customersupport@dhl.com>
Subject: DHL Notification AWB - 4626263633
Attachment: DHL_AWB - 4626263633_pdf.gz (contains "DHL_AWB - 4626263633_pdf.exe")

GuLoader payload URL:
https://cmdtech.com.vn/build__ol_OrFUVF212.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6453/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 01:15:55 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rn4refqqcadl5ibrxrh7mvyad6k42whndw2efgrefv4qkd4upvaa._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b
GuLoader
136951ab2919602366049b534cc5159e1d6da7bc46a9131ce292dcefaf05c449
GuLoader
2c1642f94762a15404bbc286403d839f6ceba0659179aa227232af98d2b49d6d
GuLoader
439b4bf202d997d215433860e0b2e2ccf9a53dde53f3c4a0482450d4550c4edf
GuLoader
a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14
GuLoader
ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94
GuLoader
c1f40574d76ccbf75a61e6bbd123b59d1c384cd2c8d435cbbb2bc54211615e3d
GuLoader
fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0
GuLoader
+ 2'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1csd6f7cqa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 0600689fca8d650af28d4bc76a3b45e347cc8b020ee286057f69c1048d4839d6

GuLoader

Executable exe 8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376004/
  
Dropped by
MD5 a6f87ed8464d8166305cdc0b82d28ea0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0600689fca8d650af28d4bc76a3b45e347cc8b020ee286057f69c1048d4839d6
Cape
Cape
https://www.capesandbox.com/analysis/6453/

Comments