MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7556ace3bd8a035ca289145f068029f6137fe41f935b32fd1d0b046d1f2e05ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7556ace3bd8a035ca289145f068029f6137fe41f935b32fd1d0b046d1f2e05ab
SHA3-384 hash: dca2bd0a9b01690d46821c782af1c97e51deb8666d7dc64b771955db9375bb716e24d775cab5baed4e2bbbae44894c4c
SHA1 hash: cd2aad998bf05e7a13182e4b21b980e3391790e5
MD5 hash: 449e962fff13537f4f84132271fe9b36
humanhash: alpha-echo-mockingbird-timing
File name:DHL733918737WA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-21 16:06:58 UTC
Last seen:2020-05-21 16:48:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a322300b1147e45c7b494b1a86a265bf (1 x GuLoader)
ssdeep 1536:eD/cO4M2IfsQ6gFf0/V8MhrfoKxWCDUC6i6Lo3:wmMWg+/V8SgK0C6i8s
Threatray 115 similar samples on MalwareBazaar
TLSH 0EB31B4177C1E926DDEC4DF216720654E6EEBC3F6902670B2BC0760E9637980B726397
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxload.webglobe.sk
Sending IP: 212.57.32.40
From: DHL Customer Support <esivakova@mlproduktion.sk>
Subject: Consignment Notification: You have A Package With Us
Attachment: DHL733918737WA.arj (contains "DHL733918737WA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=13VlSA2LUc-TOPJnEHm6KHB4pFEOuvUSi

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 03:15:05 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0fe7ea8749ad06ace6adf0d7ffa5f6f22ade0f9acafc4aac72b77f3b7c017ad9
GuLoader
2a46d6c287851041f7a352051cadd95de3379b8878191c925f7d423a475936e6
GuLoader
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
GuLoader
3c6d1adb8c659c6608e4fa44fe880adb352bd9e8491430b4f559604fd412e181
GuLoader
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
GuLoader
504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
GuLoader
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
GuLoader
7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184
GuLoader
c58594d414c882ce33499233c2f508789e5fa4d91b79ef01d763012e39d7b095
GuLoader
da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
GuLoader
+ 105 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4ae1m98jns/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj b1b9b7053609a995a94295c403fdd3b9f9c1130de9596a38a7c53e668c587a12

GuLoader

Executable exe 7556ace3bd8a035ca289145f068029f6137fe41f935b32fd1d0b046d1f2e05ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366261/
  
Dropped by
MD5 ef9f55e1f08bfc37e053d1ead1144368
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b1b9b7053609a995a94295c403fdd3b9f9c1130de9596a38a7c53e668c587a12

Comments