MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9
SHA3-384 hash: e7208407b33be1facfddd23e0d6c5d630235a4605ac56f233308c9ff3e8b9304a695fa5ba5a8feaf69e0cbcac0e5064c
SHA1 hash: bb5b712156a7af5a739c045e9e12f8b0f3c7041e
MD5 hash: 58de20c5d000f1adc5ca07ed7eb1023e
humanhash: bakerloo-fish-utah-floor
File name: DHL733918737WA.rar
Signature: GuLoader
File size: 25,630 bytes
First seen: 2020-05-21 10:24:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:5c2Lss0dBFYJ+2cpOdEfWpBSzry/cHz9BYGWIBT:6yyzYCrfWpBSYGRBYBIBT
TLSH: EAB2F1982DB90588924329B22474EC4C1A7755E197184EFF384365DBD0A5ED33B72F86
Reporter: abuse_ch
Tags: DHL, GuLoader, rar


abuse_ch
Malspam distributing GuLoader:

From: DHL Customer Support <esivakova@mlproduktion.sk>
Subject: Consignment Notification: You have A Package With Us
Attachment: DHL733918737WA.rar (contains "DHL733918737WA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18kKKZ1Yjp0c3QJNcV0NvYQLuYD7zu1Hpn

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 10:36:51 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Family: GuLoader
File: rar 40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
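A triage script for this kind of entry, added here as an example and not MalwareBazaar's own code: it parses the malspam message the reporter describes, hashes the attachment with the same MD5/SHA1/SHA256 digests the entry lists, checks them against the entry's IOC hashes, flags the lure pattern (a carrier brand in the display name that does not match the sending domain, an archive attachment, a tracking-number-style filename) and recognises the Google Drive direct-download URL form used for the payload. The message below is constructed from the headers quoted in the comment; the attachment bytes are a 7-byte placeholder, not the real DHL733918737WA.rar, and the lure heuristics and function names are this example's own assumptions.

```python
"""Triage helper for a GuLoader malspam entry. Added example, not MalwareBazaar code.
SAMPLE_EML is constructed from the reporter's quoted headers; the attachment is a
placeholder, not the real sample. Lure heuristics are this example's assumptions."""
import hashlib
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import parse_qs, urlparse

# IOC hashes copied from the entry (SHA256, SHA1, MD5 of the .rar).
IOC_HASHES = {
    "40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9",
    "bb5b712156a7af5a739c045e9e12f8b0f3c7041e",
    "58de20c5d000f1adc5ca07ed7eb1023e",
}
ARCHIVE_EXT = (".rar", ".zip", ".7z", ".iso", ".img", ".ace", ".arj")
CARRIER_BRANDS = ("dhl", "fedex", "ups", "usps", "tnt")

# Constructed message: headers as quoted by the reporter; body and attachment invented.
# The base64 blob is only the 7-byte RAR signature "Rar!\x1a\x07\x00", not an archive.
SAMPLE_EML = (
    b"From: DHL Customer Support <esivakova@mlproduktion.sk>\r\n"
    b"Subject: Consignment Notification: You have A Package With Us\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nPlease see the attached consignment details.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/x-rar; name="DHL733918737WA.rar"\r\n'
    b'Content-Disposition: attachment; filename="DHL733918737WA.rar"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"UmFyIRoHAA==\r\n"
    b"--b1--\r\n"
)


def parse_malspam(raw: bytes) -> dict:
    """Extract sender, subject and (filename, bytes) attachments from an RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = str(msg.get("From", ""))
    m = re.search(r"<([^>]+)>", sender)
    address = m.group(1) if m else sender.strip()
    return {
        "display_name": sender.split("<")[0].strip(),
        "address": address,
        "domain": address.rsplit("@", 1)[-1].lower(),
        "subject": str(msg.get("Subject", "")),
        "attachments": [(p.get_filename() or "", p.get_payload(decode=True) or b"")
                        for p in msg.iter_attachments()],
    }


def hash_blob(data: bytes) -> dict:
    """MD5/SHA1/SHA256 as the entry lists them (ssdeep and TLSH need third-party libs)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def match_iocs(hashes: dict, iocs: set) -> bool:
    """True if any computed digest appears in the IOC set (case-insensitive)."""
    lowered = {i.lower() for i in iocs}
    return any(h.lower() in lowered for h in hashes.values())


def lure_indicators(info: dict) -> list:
    """Assumed heuristics for the carrier-themed lure: brand/domain mismatch, archive, tracking-style name."""
    flags = []
    name = info["display_name"].lower()
    brand = next((b for b in CARRIER_BRANDS if b in name), None)
    if brand and brand not in info["domain"]:
        flags.append("carrier_brand_domain_mismatch")
    for fname, _ in info["attachments"]:
        low = fname.lower()
        if low.endswith(ARCHIVE_EXT):
            flags.append("archive_attachment")
        if re.match(r"^[a-z]{2,5}\d{6,}[a-z]*\.", low):
            flags.append("tracking_number_filename")
    return flags


def is_gdrive_direct_download(url: str) -> bool:
    """Payload URL form from the entry: /uc?export=download&id=... serves the file body, not a preview page."""
    u = urlparse(url)
    q = parse_qs(u.query)
    return (u.netloc == "drive.google.com" and u.path == "/uc"
            and q.get("export") == ["download"] and "id" in q)


def triage(raw: bytes, iocs: set = IOC_HASHES) -> dict:
    """Full pass: parse, hash every attachment, check IOCs, collect lure flags."""
    info = parse_malspam(raw)
    attachments = []
    for fname, data in info["attachments"]:
        digests = hash_blob(data)
        attachments.append({"name": fname, **digests, "ioc_match": match_iocs(digests, iocs)})
    return {"sender": info["address"], "subject": info["subject"],
            "flags": lure_indicators(info), "attachments": attachments}
```

Calling `triage(SAMPLE_EML)` on the constructed message returns the sender, subject, all three lure flags and an attachment record whose `ioc_match` is False, because the placeholder bytes are not the sample; feeding it the bytes of the real message would flip `ioc_match` to True on the SHA256/SHA1/MD5 listed above. Hash matching is exact, so a repacked archive with the same inner executable will not match; that is what the ssdeep and TLSH values in the entry are for, and they need the ssdeep and py-tlsh libraries rather than the standard library.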
