MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
SHA3-384 hash: e0954f4826add6c36cd28223a59066b5d8f15f98bf818741293a1831c34eac1f06cf00d7aa0d1ceafdd58f35581af4da
SHA1 hash: c62780d19cf03f21d62a91782a96fa37a35aa38e
MD5 hash: 64e1914c722977019216c1b843b436a5
humanhash: pennsylvania-lemon-river-autumn
File name:DHL AWB.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 12:13:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d0362c5ede091a4e4f81baf26fcb9b13 (1 x GuLoader)
ssdeep 1536:7uRtSabmagB97ZriacwkpsxAqC+0csVkmi4w:S7bvgBSsxDN
Threatray 1'215 similar samples on MalwareBazaar
TLSH C8839E137554C106E1A585702CA39EB52B66FC2818415F4B6089FF2FF8B9B536C7B32E
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cn-nakareg.com
Sending IP: 45.95.169.32
From: "DHL EXPRESS" <info@cn-nakareg.com>
Subject: DHL BILL OF LADING SHIPPING DELIVERY NOTICE
Attachment: DHL AWB.gz (contains "DHL AWB.exe")

GuLoader payload URL:
http://baritaco.com/build_VSJicTAg206.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7019/
Detection(s):
SecuriteInfo.com.CLOUD.27616.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:15:07 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z5sufo4h24dkw7lp2p37ucrfstj3b3mktuk3jajffugeaxwng3xq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01cbd7ffa69b802c48571c9643d525c525493463b592a79336ee6757e9d54aa2
GuLoader
1262d63aabec1fe6b68df348419485b7bbe4fecec2bac3cdcc4fe42b12d24d96
GuLoader
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
187c0f3510e1435dce3980a2ef3dd20b44a694218b3ba633afe266f23cff03cb
GuLoader
5c981192bf5e45d352e5abcde6fc0b57b9dc3081b34d3f1a76dcd52a0111c4fa
GuLoader
61b5d789c9983fb294e4e91fdcd1487c896fbc12a0a605215a48f589b6fb4937
GuLoader
8d4b6b5a3f228456841a6627f6b4fe4de260e1261e312b30b62120d5297e68c1
GuLoader
8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627
GuLoader
8e73f4dbd13dd1cf8475bab8fae351b8a05507e429bd3b3700fca13dc764d66a
GuLoader
d894062069e0d2967a0ca5655892f29e511d37dd5de5f5dc02e7ed54f2e4fe45
GuLoader
+ 1'205 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-a7qwpxvtkn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 239094ed3739b40d61b0a30f4e033d1575f77813e99cf1ecc3368e4e327d8542

GuLoader

Executable exe cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383081/
  
Dropped by
MD5 f4e4537ed5cfe97fe936dbf23bd84542
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 239094ed3739b40d61b0a30f4e033d1575f77813e99cf1ecc3368e4e327d8542
Cape
Cape
https://www.capesandbox.com/analysis/7019/

Comments