MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627
SHA3-384 hash: e9677cdcabd9f830583796cd9628d26fb66479045bc0926dc7fe743991aec05a46510635b099681d8bc9f9196b04caf8
SHA1 hash: a4631c34f92db4876d5bb366c53c801dfcea46b7
MD5 hash: f8c5f4c8ec7f6d92fe2d7279665c810e
humanhash: minnesota-fanta-early-nineteen
File name:Nl & EU Purchase Order 100-211.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 14:47:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 061d6b5bad7f8b479477aca8b6296edf (1 x GuLoader)
ssdeep 768:dzu1aL3mNtlrHBOj88eexvTTjwcoZTHi6J8NfyeKfon6ra9w6Ow+x3Ha4xzT:VuRtSgnexbwVZriaKfyeaTaO6Ow09xz
Threatray 5'084 similar samples on MalwareBazaar
TLSH 36837C077568DA02E15146B03CE3DEA62A66FC2858405F0F2599BE5BF831F4B7CE632D
Reporter abuse_ch
Tags:CIC exe FRA geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: win-hpn82nuha6u
Sending IP: 116.203.107.188
From: BANQUE CIC NORD OUEST <nepasrepondre@cic.fr>
Subject: Payment copy
Attachment: Nl EU Purchase Order 100-211.zip (contains "Nl & EU Purchase Order 100-211.exe")

GuLoader payload URL:
http://185.141.27.137/ibbin/bin_tfDUQwQJa34.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7067/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:49:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rx6kodej4iyqxh4k6xh7jlhj3qewo3ns4gmvbl5saviyywa7sytq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
420c2572fe66b34a3e994b43ec3d35a60559c2b011c02c038854a99034a9ca2f
GuLoader
515f7d3e80be5b43204e165789a22254722d90b39c3a130f91949d1a511ff082
GuLoader
8114e5e30720952dbf0515a5f3801c7c0ef51844758e25b100b768a29c01155a
GuLoader
a58e85fa61d98c70d0f6bf421b73cf73709f36e77578fd52fc05cc85b4dd5419
GuLoader
a9089afb7795019bd9b1a2395b387a6c9957d499f10ff2929bf8d65c9913f453
GuLoader
b3b093d992d26b0d21a61a778598abd5dd87649a89f724c2798f60f9dc19de1a
GuLoader
bef21badc9c82be3a2446c61d67213addd54b665d17c4b75b64ec8d9558034f5
GuLoader
c7949573443efdf9faf7bdd96422dd515bc3576d8fce3091776333047524d1a2
GuLoader
d823d3c8c26635339f3de0090fb21441f5d2f4db1a0567b2028ca8e3e7f5670e
GuLoader
fda70d68d95854fd28bf29b6128d0d97b437d20798a532e6bb5c5e26d0785594
GuLoader
+ 5'074 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-d5ygd5nqfj/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2309b6d2945783226fa5c9f61864cab4ec20f9a171ac0f3fc6eea5b704f16058

GuLoader

Executable exe 8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383231/
  
Dropped by
MD5 032cb6f862b528642c1599de9dfeea0a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7067/
  
Dropped by
SHA256 2309b6d2945783226fa5c9f61864cab4ec20f9a171ac0f3fc6eea5b704f16058

Comments