MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16c2092baa98a45c1b1528ac2fd3674c26f9b30e62d2fcf619c0d3f8c83fa6ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16c2092baa98a45c1b1528ac2fd3674c26f9b30e62d2fcf619c0d3f8c83fa6ac
SHA3-384 hash: 188c963cdd99c11a74cc2e45a156a025661fedfc343e3108ff5e295d59ce8c5a5b07d51bf76a8c3ef09d494effba4158
SHA1 hash: 6bcf540afdf2c59a54c42a7ea1cafb90d77a155e
MD5 hash: 0af4660beba419fa062b5f78c3427bb0
humanhash: eighteen-high-table-avocado
File name:shipping docs.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 07:49:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7c539fe02d3e471bb8ffaad3285bd6bf (1 x GuLoader)
ssdeep 1536:U6li6pVp39ISaEj9XPFHlgVH6gIlFGAXHo4z8EooTb2d:hpV5CSa+PFFcaTYoTq
Threatray 818 similar samples on MalwareBazaar
TLSH 7BC31813B4984EA1EC394FB12C57AAE71F16ACA099210F1B3206FA5D23731E63DF5716
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.skylinesservices.com
Sending IP: 162.241.235.200
From: DHL Express <support@dhl.com>
Subject: Fwd: DHL Shipment Notification : 7348255143
Attachment: shipping docs.zip (contains "shipping docs.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1MaId-bDC66lxKekfa1yPZi5xj6yWr572

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5641/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:38:33 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06ff22b8f0ffe174b0272b21ed6e0761671398e1c7a3e60dc0f5db55fa156193
GuLoader
25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
533abb61ce480e7682c142da1ee6d9385887b041965f9bc35e575f928412cd9e
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
70e8b249ce476ea3ff1c233de9eef9b9f1e2ad1da22c1bb3e16acc20eaa0e9a2
GuLoader
8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6
GuLoader
b867c39938c7f9800c4a4da862d641a08e2faa3a695c8e41242ff61e767e4cb4
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
+ 808 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j5nza4tpgj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2a3e115c488e0398ff8124cb6bf87225e1dd74780aa388d4631274d0f3a34e93

GuLoader

Executable exe 16c2092baa98a45c1b1528ac2fd3674c26f9b30e62d2fcf619c0d3f8c83fa6ac

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368662/
  
Dropped by
MD5 ca6efed8a72a6aebdb17b326cfa9507e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2a3e115c488e0398ff8124cb6bf87225e1dd74780aa388d4631274d0f3a34e93
Cape
Cape
https://www.capesandbox.com/analysis/5641/

Comments