MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdb10ff1d5b312ddcad914cf17cfc504da6d9fe264b603c5e83df4fff7da60a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdb10ff1d5b312ddcad914cf17cfc504da6d9fe264b603c5e83df4fff7da60a1
SHA3-384 hash: 5018dd85b9ae954beebf1058e559b0a21757a716b9839fd6f9137098da28e6e72d529f03e42ec319b1627a5989a1047f
SHA1 hash: 21799bcc4ac82503fb2954f996fe1e50fc9dd349
MD5 hash: 7f0fcee3c341e26692b3d274925a94bd
humanhash: bulldog-speaker-thirteen-delta
File name:original shipping docs.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-05 13:26:57 UTC
Last seen:2020-06-05 13:40:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fc484a204145680666afa5fb14ac8389 (1 x GuLoader)
ssdeep 1536:hfJDrdLtw1mCTziRywDwv6SxYbKo0sn8H9Cki/:hNrdhwpk/ESRbKTA/
Threatray 969 similar samples on MalwareBazaar
TLSH 3B838D03AD4C8943D04847F46E23DED90E27AD2C4942AE4B35886F9FFD757A3689620F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6677/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMGX.4254.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:20:22 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7wyq74ovwmjn3swzcthrpt6fatng3h7cms3ahrpihx2p7562mcqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1f6b6d481b672f8ed428a044ebffa9e16424317c0081aad3c00cb61a547b90b5
GuLoader
3142e31329c54946869e2c0595bf23492f58f776ab9d6123bf20d10b6cba5602
GuLoader
5bc45e4356d18725afcfadc81b15317f2144140baa77b893a8732acdc689f43b
GuLoader
604cdf637c64c8862b506caa60d1a66b02f97127dc265c6943cadd126fc32f14
GuLoader
654512ba13cb405d6b839c46b229c1a6d506fbe3749861d8973f484edf9ef791
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
8eaac79108455d13b9ba6696108a2f5a734c02463b208a5d399d3a70ea792498
GuLoader
b1cce5c3801487b851b808c16590f54937f9c36d668b9fcc2146c3d2d2040d97
GuLoader
ea12fb909266d6a6f7315c8ffe0fcedb6b63ba660cd91e7c2ac4e6db14596171
GuLoader
+ 959 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-h8kdtm45px/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 56c8675137f71c4f50b51a97dd8ad49eb5806299b68247dbf06850260d9956e9

GuLoader

Executable exe fdb10ff1d5b312ddcad914cf17cfc504da6d9fe264b603c5e83df4fff7da60a1

(this sample)

  
Dropped by
MD5 af94d70aa77ec14950e4204890baa719
  
Dropped by
SHA256 56c8675137f71c4f50b51a97dd8ad49eb5806299b68247dbf06850260d9956e9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6677/

Comments