MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24
SHA3-384 hash: 01f5040e59ccc687d29bfac84274b7c217f14a8a25b3cb4c4822ac7682bd06a45b7fe77a7a69b4e81a7bdf5cff9a44b7
SHA1 hash: cf5c2f10ed547bdc1206a580bbbf1303024a093b
MD5 hash: 3ab2c52d5b62436e2ef556b1c2487838
humanhash: golf-east-leopard-golf
File name:DHL RECEIPT.DOC.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:17:13 UTC
Last seen:2020-05-21 08:52:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3e850e9d5dcefe734148819a99846079 (1 x GuLoader)
ssdeep 768:0Mw+5QwqdmLoNXUGWJUSX+6o+4njHm4rVV7f99hAMlr0JA6BHHN8Hf:NKUcV/WOSX+nnPrVVZrlr0rHHN8/
Threatray 812 similar samples on MalwareBazaar
TLSH 2DA32953F560ED71C68987BD1E5546A413AFEE344462EB0BB0C67F8C28FA681A5343CB
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yugana.daxa.net
Sending IP: 111.221.42.94
From: DHL Express (Intl external) <imelda@dskusuma.com>
Subject: DHL Arrival AWB Items #0904202076 ❗️❗️❗️
Attachment: DHL RECEIPT.DOC.PDF.gz (contains "DHL RECEIPT.DOC.PDF.exe")

GuLoader payload URL:
https://fvkreklam.com/MY_XXX_VUVHawg214.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.24757.5122.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 03:43:58 UTC
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yipbigwcx6bxskcpecdt3gsad7g6n3jwpiqa7xl566bom4kcvqsa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
59825608710179356a6809648f78199bce58922841920895d441db2ab64e2da7
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
b4c38303fd0ec6723132e2bc5017904720211a5e660d4e8a722707c7d4214586
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 802 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-k4vr7esq7e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz d02147d45c3ba7afc2224cfe64b7d4a24b758640e863dee4874e055f85c0aeb4

GuLoader

Executable exe c21e141ac2bf8379284f20873d9a401fcde6ed367a200fdd7df782e67142ac24

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365797/
  
Dropped by
MD5 12fa65e90adad64226e54cb10fbca663
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d02147d45c3ba7afc2224cfe64b7d4a24b758640e863dee4874e055f85c0aeb4

Comments