MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
SHA3-384 hash:	50c42764f5a8e0d264e06f0f012f334a491acd9fed835d7dee454393f766c780033a2156ab71fa06e94e400fdc0f7f68
SHA1 hash:	8950962e9f65173638c5d947f97761f880913f1b
MD5 hash:	78d7e7f8cb233823197ca3716a7a188c
humanhash:	paris-lithium-emma-harry
File name:	DHL_AWB# 9284730931.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-06-02 10:59:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7963db5789e71d31f6273b0e52e48ca9 (1 x GuLoader)
ssdeep	768:vHKhc7416N8lBR2zGqJiP4uTrld1gNri8to5Ob9wJB/f2d5TN7nIKJrpcfHGYPev:fKFO8lLRkyouPBWvtQ3zmONhbe
Threatray	1'775 similar samples on MalwareBazaar
TLSH	A29339077F449502E02582712E57C3AA3F65BC2A48029E4F754CAE4BBB356639CBD31F
Reporter	abuse_ch
Tags:	DHL exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: server.gtrit.com.my
Sending IP: 103.18.246.122
From: DHL Express<eawb@iddhl.com>
Subject: EAWB Notification
Attachment: DHL_AWB 9284730931.rar (contains "DHL_AWB# 9284730931.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

62

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6046/

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-06-02 16:51:49 UTC

AV detection:

15 of 31 (48.39%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wjt4ekfurayz4niu3zvjfhyw6vpbrt4kzgje6kmjwgm6xzvvdjmq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

0005e5022cd608e05426c717720cab930b17de32f9afde7af7db5bff68db21ea

006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b

12bae6b2d092fc8c776ea509d90b393df8e8f336214bb155f7e2d7f18beb4cb1

13393c26e42a0d09bbd796f3f9b5109dc0d2e7ff7bd7f4aac0aa0c879c5c123c

2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c

3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d

9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412

9d772f078ebff5dd18830b266cf39eaea44289e765d6290e8589e684a22d0946

ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4

dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d

+ 1'765 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-74nqxatxej/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 2ec4855660b623164be8cbd892c4125175912a9a8ee4ea3e4d76d1a357d6f575

exe b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/365459/

Dropped by

MD5 7cc13969fc4c3fc4b543e16f247263c0

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 2ec4855660b623164be8cbd892c4125175912a9a8ee4ea3e4d76d1a357d6f575

Cape

Cape

https://www.capesandbox.com/analysis/6046/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample