MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452
SHA3-384 hash: 9a7e3cd8b15b943bcb72d8136dc2cc66fbd8f632c671936d0de187a0a7d9a426feb7b5f28ba74951268f954f205cef47
SHA1 hash: 6cb8b577100356b86c7baaf9f3d3037259bf5b61
MD5 hash: d411a7eda0cb083f4b6e74b87a66d05a
humanhash: five-lamp-nebraska-arkansas
File name:DHL 8897209547, bon, pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:12:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5593434ec1127f289b902ef3a9b51d8b (1 x GuLoader)
ssdeep 768:Ko/hc7416N8lBR2zlr2mZjnZq6b38vXovUTNaBnfKZIf8nTrYdbNno7mGNIdK7:F/FO8lL+2qjZqi8SBnoQQPYdbNn2Nx
Threatray 1'029 similar samples on MalwareBazaar
TLSH DB735C076D08C952D66046712C63C7AE2F15BC0C49866E4F348EBF5BBF32BA5AC9E11D
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.umetinted.com
Sending IP: 45.95.169.156
From: DHL Express Cargo <delivery@dhl.com>
Subject: DHL vrachtbezorging
Attachment: DHL 8897209547, bon, pdf.iso (contains "DHL 8897209547, bon, pdf.exe")

GuLoader payload URL:
http://vitaltea.co.nz/kidi/swaaap2020_kELYbpn105.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6063/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 22:20:55 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jsb425a2oiieslabiyjvxushycfkzbgoowzg4uqmdz2pqbwxcrja._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
168cd5b5e4d1dfec48777cdc97b74c7b33dca67d176f9add9bb94fa89905db38
GuLoader
2c8251c9e4f2d470d79530e8a6e57f3a59216cf6366e97464d743d3f25e534cc
GuLoader
32922de2503537acaf01c6ea91ecbbf5af81282f1847110792464144f34451c2
GuLoader
345ed143bf3a28f74de72fa62a271a67fb28ae04e6ca0fefa8eb09c7782dc3e6
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
8c3d7cd117d98d92e834d53374635acaf20a51a32888642eb621f5225bd9e29f
GuLoader
900a6f47b5d63eeb95728c0ec9ae469d31564cfbb1849b34549ac0f8de28fcde
GuLoader
9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4
GuLoader
d9b7293da93fe26342d47b1f00180746b3ee0ca251965e199996ad38c82fa422
GuLoader
e4402badda18b6a4c832fcb22697a4847bb438350502975e764257027dc7f670
GuLoader
+ 1'019 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lvmyvz767j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 8d1bd9dc601b24aae8b456f573e4553bf0a888d1bcab7951516725e0354505a5

GuLoader

Executable exe 4c83cd741a7210492c0146135bd247c08aac84ce75b26e520c1e74f806d71452

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374413/
  
Dropped by
MD5 226e456b04770064ec6134c151443353
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8d1bd9dc601b24aae8b456f573e4553bf0a888d1bcab7951516725e0354505a5
Cape
Cape
https://www.capesandbox.com/analysis/6063/

Comments