MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f0e37176d22221a7d86cf5ba5d17692c55b6eeac3b1197d135cb6ff95a12a0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f0e37176d22221a7d86cf5ba5d17692c55b6eeac3b1197d135cb6ff95a12a0a
SHA3-384 hash: b6846e2d2f61653c95ee85ad4f969c67bf30d7b0ad13b0aec59cec706be1738ed834cff1adddf742dc79010e59996a42
SHA1 hash: ec735da50a3bce0f9c2f35cb4974bfe4d7340952
MD5 hash: 2d268d5f67d7b5a16e3f4728db52897a
humanhash: single-zulu-aspen-batman
File name:DHL733918737WA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:25:01 UTC
Last seen:2020-05-21 11:15:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4570344c93ae7fe1e01ebf78ab026c23 (1 x GuLoader)
ssdeep 768:rwSSZz04j9V/In1E8rOB47NP/Ku7SbNDRtnvUqVf8PzwpBqIMgQg3RVC3WwfiM//:UTJj//YE6OBS7S5DHvjUCYsQoRafd
Threatray 83 similar samples on MalwareBazaar
TLSH B2A31921BAF4ACB1CE95CDF15D668AE8146FEC7424128E0770CBBB6D1673A41E01935B
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: DHL Customer Support <esivakova@mlproduktion.sk>
Subject: Consignment Notification: You have A Package With Us
Attachment: DHL733918737WA.rar (contains "DHL733918737WA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18kKKZ1Yjp0c3QJNcV0NvYQLuYD7zu1Hpn

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.22577.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:37:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4hdof3neirbu7mgz5n2lulwslcvw3xkyoyrs7itls3p7fnbfifa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1f02d06a14d5e83c297271a24f9dad9f28d25e387bc65784077ddc27165290b5
GuLoader
250cfc3bf5271e6a5cdd6ebe240865bf2f960c877590b679c878181b42f85341
GuLoader
548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312
GuLoader
ace64cbe1ef91a0b14602264fe0de8e3698cb8b901cbd6251b3fd11d87a0bef6
GuLoader
b0fedb5fc4232c07ff1161ddcc830cf11596ba2653cc7cea1d5666b4bab1f276
GuLoader
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
GuLoader
b87295a4b2fb2d2f4df9d502d52e2f50a5e9b3ba9f56b17e252fa0f3022ae6f4
GuLoader
cfb6b2b831592f1ebd43929977ae4963f8c2b3b2472214c82c3c3c1513a6b54f
GuLoader
d0198b775182eab3ed405bd0d946006ec8616b61083e643200d1d34fe8cae2f3
GuLoader
fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763
GuLoader
+ 73 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y2d3czm8r2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9

GuLoader

Executable exe 9f0e37176d22221a7d86cf5ba5d17692c55b6eeac3b1197d135cb6ff95a12a0a

(this sample)

  
Dropped by
MD5 58de20c5d000f1adc5ca07ed7eb1023e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 40bd5ceeb802987cef7b23e3e50cf902663d038710891eb1aa1b0641dc61aba9

Comments