MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8023299c187748c37d44d26af0165f9429a89fa364bfd243c201252fa78e160. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8023299c187748c37d44d26af0165f9429a89fa364bfd243c201252fa78e160
SHA3-384 hash: 0bc442a69a5181b12ab5378e987ccd050c5f64038afc3c4166fe4eb094f312c6575ddc684472be3d2a9c3138ae86a442
SHA1 hash: 45fc7c08031dae64354d58cdbe97ffed0069c3ff
MD5 hash: 15192879f392d76498a1dfcc1f4adf92
humanhash: zulu-robert-avocado-hotel
File name:MH-purchase request list_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 06:49:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b19d800be9b5ca08aa07bb5081c2c82 (1 x GuLoader)
ssdeep 768:btsGMjJvbviB2G+kI43n9MgU220AjxQhxO0j0OplM5xHScMT6m0220Ajxtg:byG0g3nBEehQOLMWkg
Threatray 999 similar samples on MalwareBazaar
TLSH 15534C4B2D0CDA93E16087B12D6396A96719AC2C5501BF477E8C7F1CEA311C2BDD371A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.dynamail.asia
Sending IP: 111.90.130.90
From: Shandong Heavy Industry India Pvt. Ltd <snehashindee@shigindia.com>
Subject: Mold 6312701 2K Modification
Attachment: MH-purchase request list_pdf.rar (contains "MH-purchase request list_pdf.exe")

GuLoader payload URL:
https://djmixers.co/kcxbin_QlFdCwcYC87.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7460/
Detection(s):
Win.Malware.Malwarex-8014471-0
Create hunting rule

Win.Malware.Malwarex-8014474-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 03:22:38 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5abdfgobq52iyn6ujutk6alf7fbjvcp2gzf72jb4eajff6ty4fqa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a214959e1a85a4d11444053d4262961ee29e2cc53c3f4ae8f1a59152e5d67f3
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
7294bdc3333d08ac9c2397b3555c0126928c13600b23de09f21841cfee83f55a
GuLoader
93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d9295800a68a51a4aab09c2785cd7887e867b59b267a1b2c27e0b06be7d1752e
GuLoader
e04cdba2c9443b7a859fb328cf19fecd73b6a91d0964b405d56a42ee0721c671
GuLoader
f708f99bcb86bc017f5b34435a241cb77fa4bc4c37d47b85f1ecc43e9ddc365c
GuLoader
+ 989 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xx4l6qkbze/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar be9e7ab3ea6bc28c9f1d823a80717ebe6f01e85bf4f2f65ff991f497947dd335

GuLoader

Executable exe e8023299c187748c37d44d26af0165f9429a89fa364bfd243c201252fa78e160

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378975/
  
Dropped by
MD5 d6cc23ec3a859625c4a2e404641db290
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 be9e7ab3ea6bc28c9f1d823a80717ebe6f01e85bf4f2f65ff991f497947dd335
Cape
Cape
https://www.capesandbox.com/analysis/7460/

Comments