MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e4cb68e8910042eeb4f5f4588a5a76df31cc6b0be9ad55165ced088afc23201. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e4cb68e8910042eeb4f5f4588a5a76df31cc6b0be9ad55165ced088afc23201
SHA3-384 hash: 6b3e75cfa24c22a794c113a72416aa9ef8351ca6bca805c292646b8cc5db708e9a5eb37ab7588ee3262694433758279c
SHA1 hash: 83258bd7c30a053c404ec31a27a09a554cfd6dae
MD5 hash: 0dd8459b7ec57a3031826088750262ac
humanhash: floor-happy-echo-pasta
File name:invoice8947783627.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:131'072 bytes
First seen:2020-06-04 15:55:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5cd90c85cea9ee96e034147026d440a6 (1 x GuLoader)
ssdeep 3072:5fEcuDyn74mjHotk3PV55hkXuzcVKhtSfNTw:5scuDUjIS3PV6icQtSlU
Threatray 1'117 similar samples on MalwareBazaar
TLSH 0BD34B037C69CB16D19519F17CA35D9E361B6A089E4026BF0084EFEFAE70192ACD671F
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: correo.sentidocomun.es
Sending IP: 54.217.206.198
From: DHL PT <noreply@dhl.com>
Subject: Your last DHL Global Consolidated invoice:OPT8947783627
Attachment: invoice8947783627.r00 (contains "invoice8947783627.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dBStH-TMuogHhhwH7U9-xzaPZ8Y55yLV

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6578/
Detection(s):
Win.Malware.Guloader-8002906-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 16:36:47 UTC
AV detection:
11 of 31 (35.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rzglndujcacc522pl5cyrjnhnxzrzrvqx2nnkulfz3iirl6cgiaq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
65ab725aa981b93b5f3ca28ea8f5257235f6974abe8fb5b03086cc1f9c6aa41b
GuLoader
6b264d7bac7b64c40d89c0e35016ce95f78a90f4f098fc3c1116217c98fe544a
GuLoader
7bdb44b6363e3b185573f4c7e08e78201174fd692f18fc2882a95f8ba455bb5e
GuLoader
96487abb17fc905506f1be48d51ea17bb652515d8e5f40a4f524daebe98a6efa
GuLoader
98cbe4d5b07975cd7f0b7a23296b918264585dce46b2c1844a9f52640c03d2a6
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
b0ce5ad453b8b2f97ba703734dec8df10ba2182e617056461b2bf143abd6e8b8
GuLoader
d7e975690cea31ddff67f92f89ee45cf24f09d9e3f7e91b8f3ee6305d23e52d5
GuLoader
e0d379ff05529ef018085ddb03216e3d5d89609a4a5f306f02ffaf8e08712d36
GuLoader
e67d2cc87cb3ad2084b0ff023029653544bf2e343cdbe4c3ca205a9764f6f8b1
GuLoader
+ 1'107 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-e8cbxh496j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ab196bc513e010f7b0e865ce4faf25e5

GuLoader

Executable exe 8e4cb68e8910042eeb4f5f4588a5a76df31cc6b0be9ad55165ced088afc23201

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379336/
  
Dropped by
MD5 ab196bc513e010f7b0e865ce4faf25e5
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6578/

Comments