MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
SHA3-384 hash: 3ae87eab06555318b03e04ddb24d4f29683c61708473aaa9527133324778a56dcff87d7a229adaae60e193669ef9b67f
SHA1 hash: e3c3e27e25432fbdb9b139d9e34029ea13161573
MD5 hash: b08a17b5c08ea91b3e4b6e69a6ac323a
humanhash: ceiling-ten-delta-kilo
File name:DOC24052020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:24:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7f7daf67028685a14a541be7e571ed48 (1 x GuLoader)
ssdeep 1536:nWMT6BvU3pkT9vtAdSwHSkGPGmLrMix2d8jOE:nWci83yQniGmLgM5d
Threatray 5'107 similar samples on MalwareBazaar
TLSH 82B3F95379C8ECA1ED418FB25AE24DA94D22BD261C414F07395FB76D79336C12BB032A
Reporter abuse_ch
Tags:DHL exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cer.pulapint.nl
Sending IP: 134.122.111.238
From: DHL Korea <info@clinton.org>
Reply-To: kodak3399@protonmail.com
Subject: (DHL) 글로벌 문서 도착/주소 확인
Attachment: DOC24052020.img (contains "DOC24052020.exe")

GuLoader payload URL:
https://noirrealtysolution.com/ad/asd/bin_keNInZ155.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5558/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.gm0@aOnU67nb.26448.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 01:22:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
GuLoader
6f3cf19b51263af0e6b7e8856a7d635a44dd101e069b84f5ceb11778a81cbf35
GuLoader
72e42f1672249fbd4db20c17d5e29fba5838ef08cf0f6964d84ffc434ea46f27
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
8efac0f1a783fbe5627c1fca4c211583bf045bd5671d89df9418220d66078c11
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65
GuLoader
b8ee3458736fa73672b43a4c55e136bafc48b215dcb89dac28b5865ab59fc99c
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93
GuLoader
+ 5'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-59bf65eabj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ebd89ad32a8eb7b4acb5525539791866e577c727fafe83ddd297ae5b131f3bf6

GuLoader

Executable exe 5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367854/
  
Dropped by
MD5 6d9dc7f353f7dd47701e253b885c4d59
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ebd89ad32a8eb7b4acb5525539791866e577c727fafe83ddd297ae5b131f3bf6
Cape
Cape
https://www.capesandbox.com/analysis/5558/

Comments