MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5281b04770cbfc7ab88d17ef529b8c59092d101e349d0140a8645da16aed369d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5281b04770cbfc7ab88d17ef529b8c59092d101e349d0140a8645da16aed369d
SHA3-384 hash: 4b98a03f387eb63b4d037cbbade5b78c00525175800913a5606be943594264e1e61fe6e31e699187ea6276f828170c34
SHA1 hash: 0e5250d91ee00e102f0abab71a48132885f01791
MD5 hash: c97f5c3009ac3250b58fa00f67ccf071
humanhash: bluebird-speaker-seven-burger
File name:udlaa.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-05-21 08:39:31 UTC
Last seen:2020-05-21 09:51:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 785636312fa9ab0165ea111bc09a1221 (1 x GuLoader)
ssdeep 768:AAKmJ+qnswdRvH89RO2nCGQigiwQTgv8DgR9y4bhhhUBNo6qSk:AA4TwrgPCG/2Q7K1TUBNov
Threatray 584 similar samples on MalwareBazaar
TLSH B8932A63F962BEB8D97A0BF24C324650046BECF11CD75A07E5CA3A0D0D37A8E981571A
Reporter abuse_ch
Tags:DHL exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: DHL Korea <info@trailnet.com>
Reply-To: dhlofficekorea@asia.com
Subject: 소포 도착을위한 DHL KOREA INFORMATION입니다
Attachment: DHL Korea Documents.img (contains "udlaa.exe")

GuLoader payload URL:
http://izpanelone.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_TirFIsqp75.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47936.22062.31059.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 03:57:36 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kka3ar3qzp6hvoenc7xvfg4mlees2ea6gsoqcqfimro2c2xng2oq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0d812586b239b0ce1c4f3f9347386c75e70ab098659c019e100160078b821aa5
GuLoader
0d96c8a11fe748d1258fc20378d3e354fd468dd7ba9d07670497024b6fb03406
GuLoader
118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
GuLoader
380a0d5b3d5ae9eb9a53cf5bb4fe1737de62020e4f0ec5f56ee601bf8a884d1b
GuLoader
77b2ce43a1a7363d6c90b9b11fc05220511a868f4f8ca72cd6cbe3219f79fbdd
GuLoader
a0fd9cf6002a8f7503dd47682be0dca44ffb66157c910ada1ffc360c2d7d70a6
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
e654d1c784c371f9dfc855685f6cde32d4e18807678594291783c62dabc44f98
GuLoader
+ 574 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-rnfqfqnyvn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 442d68d95b9ec3f751b4bdc7db18739d23bfbec95399002d29ab5d9940934687

GuLoader

Executable exe 5281b04770cbfc7ab88d17ef529b8c59092d101e349d0140a8645da16aed369d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365777/
  
Dropped by
MD5 dca387c7856fcd400dd9d9f8df3ebae5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 442d68d95b9ec3f751b4bdc7db18739d23bfbec95399002d29ab5d9940934687

Comments