MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 5
| SHA256 hash: | e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5 |
|---|---|
| SHA3-384 hash: | 8ebc5122b80c972fae08bcc60c95f073775ee271f12670800980d8f7a4c6428c26553e79e340825fa9f296c569c5c21d |
| SHA1 hash: | 217104bb3ae9293498ea7b8b807a768dafb12bec |
| MD5 hash: | 1dcbaf1a1cf84cabfb3265391304aa2f |
| humanhash: | chicken-social-one-edward |
| File name: | Fonetikke4.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 65'536 bytes |
| First seen: | 2020-06-10 12:36:21 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | fa2e8d6a1c79402c5f6df672ec41cb95 (1 x GuLoader) |
| ssdeep | 768:bJCGMjJvbviB7BFCbW454urlelea02E+Yj3611aBZO/UpM9QxUK2WZwzHbQk7:bJCG0CBmr7K3lUOcW9Q5mQ |
| Threatray | 946 similar samples on MalwareBazaar |
| TLSH | 7C534A5B2D1CA953E12087B02A72D1F16615AD280505BF4B3E5CBFADFA316C27DE331A |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: box.dysonservicecentre.co.uk
Sending IP: 104.168.211.117
From: Coral Li <support001@dysonservicecentre.co.uk>
Subject: RE: REQUEST FOR QUOTATION N0178946806479
Attachment: N0178946806479.pdf.img (contains "Fonetikke4.exe")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mgYo7MPYtJz7lS87QYpFURlhFP6pvBXB
Intelligence
File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Remcos
Gathering data
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-06-10 08:14:23 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 936 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.