MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd268c1e214dd5e0ae8dd56403ef5001769f9fc0ac5e7491c9460a52dfd2cc89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd268c1e214dd5e0ae8dd56403ef5001769f9fc0ac5e7491c9460a52dfd2cc89
SHA3-384 hash: 30eaccfe0e69eaf8a853a645b77ced3a728c225559abddeb3283751f0e1530d87470b879a4dbe73ff47aab01fc3206b6
SHA1 hash: cd04d55e27805c9945e28e3d67dcf25cc40c3752
MD5 hash: a95cee6d6f891732dfdfa3808cc96c0f
humanhash: bacon-dakota-october-november
File name:DHL ADDRESS KR.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:43:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dd9888d19af832f1ac8f55454a61eb08 (1 x GuLoader)
ssdeep 1536:bGuRtSvaNbAwhfAZriaVqDSppLdfWu11b:rWaFAwhfrDSzNl1b
Threatray 5'932 similar samples on MalwareBazaar
TLSH DB739F03A90CD697E1544BB02DDB9F79271A7C284981BF4F2189AF5FE4723526C7E238
Reporter abuse_ch
Tags:DHL exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.nbdwyy.com
Sending IP: 122.227.224.186
From: Kim (DHL KR) <lis@nbdwyy.com>
Reply-To: hawks3399@gmail.com
Subject: 마지막 경고: DHL WRONG ADDRESS FOR DELIVERY
Attachment: DHL ADDRESS KR.img (contains "DHL ADDRESS KR.exe")

GuLoader payload URL:
https://bluestartransportllc.net/wp-includes/ap/bin_sAeiHwhN42.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7267/
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:45:07 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7utiyhrbjxk6blun2vsah32qaf3j7h6avrphjeojiyfffx6szseq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1d3bd2bc079a411c7f6ae85c322147246640834d77cba3388f00a0ff1a86c6d1
GuLoader
5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
c906a842516c0b1b052768b573c44fc42d24e0abc4d89ca8e4afc2559adaea1d
GuLoader
cbe345880baebbc56c019721184c56577bccf0b66091b09f90163646f0bc7af7
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
f3691f40ec472e4bc10cd7855fce1e52a6e177513c1cff51054463cff7106601
GuLoader
+ 5'922 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6e39sxljns/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8c8767c7ecb7b920a1b5341eb6fd8403f0f35febe263309b26ad0b934f924bf7

GuLoader

Executable exe fd268c1e214dd5e0ae8dd56403ef5001769f9fc0ac5e7491c9460a52dfd2cc89

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384286/
  
Dropped by
MD5 1fafa741fe9efbc6e694f8ce8137a215
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8c8767c7ecb7b920a1b5341eb6fd8403f0f35febe263309b26ad0b934f924bf7
Cape
Cape
https://www.capesandbox.com/analysis/7267/

Comments