MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 548a7b8c768e9f1a1911b4cdbc902dc388e74e31393825ac29704cc7edcfcb6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 548a7b8c768e9f1a1911b4cdbc902dc388e74e31393825ac29704cc7edcfcb6d
SHA3-384 hash: 8707d963188dae8024fb7d5db278346e03284cdfc9d7048ad74d27b5852ad52ddfd0ad167977cbae34126071a84b27cd
SHA1 hash: 43300e8e56add39f6f5e6fb9138743e3c6370d0b
MD5 hash: b9e4da0cd9cc48bae0f1bd9266ebf45a
humanhash: glucose-princess-neptune-green
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 12:57:27 UTC
Last seen:2020-05-27 14:13:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 78b3446d03de73d8eda38955898e4e81 (1 x GuLoader)
ssdeep 1536:bw9Z/o3GV7qvyVcosK+27WFztmPp5WFuZAc:k9Rd9b7WFRKpNR
Threatray 110 similar samples on MalwareBazaar
TLSH C4B3E81B75C1ACB2DD228FB14962DA921D22FC757C016F0B7249BF1D293A1CD39A07A7
Reporter abuse_ch
Tags:DHL GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.702.dlvtminio.casa
Sending IP: 142.93.132.77
From: Dhl Customer Services<Abdul.R@dhl.com>
Subject: Dhl CARGO ARRIVAL NOTICE
Attachment: DHL_Consingment_Details_pdf.gz (contains "gunzipped")

GuLoader payload URL:
https://asmobilya.com.tr/KEL_OVsbHQys31.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5701/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33911015.20819.23205.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 13:31:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b735b93727cab4992aff0f4e2905ab57f0e3189b25cc164fb422685e6af70c7
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
3600e2ca432c06f2c37d370e2a70adbc1ed32e35ebfd177f1d7b09e0ceefcdd4
GuLoader
3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546
GuLoader
5d4a8635a8bd54c96eb76c61ba879998437d96bc72557ef2be44183797e49149
GuLoader
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
GuLoader
8bcd0f6cb2c259f22ade6de07f926c2e1512948af545e7a33fd27f784ef12bfd
GuLoader
a020b1d430a80a59b4578da28132bb4354c44d62095078d8aaa1471361bb4248
GuLoader
a57304043cdf4e54783b99ba437e2dedc5bded49da0878e17c459ba37e41bb55
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
+ 100 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-nw7b3zj7wj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz a98b28434982d6ebd7556da448ee49debda62514dd2935c5c78ca1547f3e0634

GuLoader

Executable exe 548a7b8c768e9f1a1911b4cdbc902dc388e74e31393825ac29704cc7edcfcb6d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369898/
  
Dropped by
MD5 5205836eb9591c682f3e9adbda93075e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a98b28434982d6ebd7556da448ee49debda62514dd2935c5c78ca1547f3e0634
Cape
Cape
https://www.capesandbox.com/analysis/5701/

Comments