MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558
SHA3-384 hash: c2ee06254e58c8c1c3fc065de583a55c9e54dadc4a62b3d8f01e7e445e94064517dbb1ab524bd57b738c2f150c38084e
SHA1 hash: 68f6b5650e3d9ceffbca0d5c7d044695fc7a902f
MD5 hash: 1bb4ae4d71078bd63df8d5cd6995dbec
humanhash: eleven-blue-missouri-blossom
File name:Doc762727372732 PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:30:14 UTC
Last seen:2020-06-09 12:55:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6efb4a880e372ebd70a9bd526413a02e (1 x GuLoader)
ssdeep 768:bYH9u1aL3mNtlrHBOjCcZ6tngdZTHi6JLXNacK0uFYrV/R14on2rR4iKyMXN:bQ9uRtSGqdZriaIHJc4on2rCRy
Threatray 1'095 similar samples on MalwareBazaar
TLSH B0739D036C04D512E10106B06CA35FBC1B6B7C688A815E9F35D97F5FE972B926CBA239
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: WIN-19RHAIQ62L3
Sending IP: 180.214.239.204
From: Accounts <admin@genobose.cf>
Reply-To: kimhilary164ever@gmail.com
Subject: RE: Final repayment $40,700
Attachment: Doc762727372732 PDF.zip (contains "Doc762727372732 PDF.exe")

GuLoader payload URL:
https://www.wewilltransportit.com/bin_POZxNXCW137.bin

Intelligence

File Origin
# of uploads :
3
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7239/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 05:08:58 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2eputthlowkx36o54v5rs6trwcavphjkmpvpffexjzoqhw5wuvma._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
080a382d362b7bc36365a369f6ff5755a38641e021fce3225eeda8e10e54964f
GuLoader
34c9285a6b094968258fffe94cb3339c1715cbc6b8db1d309f7075eb0afda2d0
GuLoader
3e1b8febf5f7c0c794dad1a6ae195de982e8c0940997568a370c6fb21511d98a
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
5f0c0c43a813132bc787e581c5456b0bbd3f4bb1947691b9636eec6236861f5c
GuLoader
620e100a8454a1fe2978e299f7b591c07589bf257bd2b1913c3b7ad601699e4b
GuLoader
88e03236b248d004923161c7928a1546cdffd0b6e8c30a22b1d49b05dca9b2da
GuLoader
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
GuLoader
aa82601b73b942480ec35f665f346890e2d2b51646b89b77a36efed5962527d7
GuLoader
f78f5eeea8bfec17ed985d71b265dd5be1bb90f781004a6a473e2e116abe144e
GuLoader
+ 1'085 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sxdevmjvbe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip fbea13464644fb124fec58472bf59a3270fc34a93cc6786d64732e6531e10b42

GuLoader

Executable exe d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384271/
  
Dropped by
MD5 fee0c2bd81d6ce9c10e79f5c2465bceb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7239/
  
Dropped by
SHA256 fbea13464644fb124fec58472bf59a3270fc34a93cc6786d64732e6531e10b42

Comments