MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab
SHA3-384 hash: c5c188f8650229c2071c82d9aed31e73d1f686d6436d234cfeda54c9b4c8f7ccd8a1ee7c8e9aebe8b346a6d63c6a00e1
SHA1 hash: 0a7a8f9f593456ca10b803fa4f3b43a78a59e65f
MD5 hash: 4e977af135d52c1202a62194f2fc938a
humanhash: happy-one-queen-sodium
File name:DHL_AWB# 9284730931.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 15:54:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a3950ffe375e513b9b7b6602b93f57b4 (3 x GuLoader)
ssdeep 768:bW8BxRorqiYawNi5K/5gB0JjFXZEdH9GZ9EVS+lFEuzPkZU3H0:b6iaOiE/xfpE+ZmpFhW
Threatray 312 similar samples on MalwareBazaar
TLSH F1933A1272D0D22AD3058FF51B36ABA8069BBC705D558D07B5C23F1EA736E43E52632B
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.gtrit.com.my
Sending IP: 103.18.246.122
From: DHL Express <dhl1@dhl.com>
Subject: Original Shipment Document
Attachment: DHL_AWB 9284730931.rar (contains "DHL_AWB# 9284730931.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Fareit-7784794-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 23:11:18 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cu67h7twu6rq5igk3f35lwf32zt4shxp6zrsgx26ms3o2j56t2vq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
02ed63cbeaf40a7221a007c8fd3641de0406943ac82f49cc5b3e85cfa0e17ec3
GuLoader
12448a818e7ccebc492215109f9abb94452d760dfea2679461b573e785895ab1
GuLoader
35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
GuLoader
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
GuLoader
5b2459c7aa6746f614a05a2797798fe09ecf294db3e2c1ddba33261e2f4acf8a
GuLoader
720004239ef0cb716b2f0d8793cfe7fb06d408cd5c598a6c726aab7f21c0bad0
GuLoader
7c58672f646a85dd65ae2c5d44fdcfb899584a9a27650418a06ecc495cdf7a86
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea
GuLoader
8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
GuLoader
+ 302 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bbzhvekmpj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

7e898f131a6b78555145c30901fd0de3

GuLoader

Executable exe 153df3fe76a7a30ea0cad977d5d8bbd667c91eeff663235f5e64b6ed27be9eab

(this sample)

  
Dropped by
MD5 7e898f131a6b78555145c30901fd0de3
  
Delivery method
Distributed via e-mail attachment

Comments