MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58f46319accff094228d3cf5be19cb06ecf1fc4325340a5f0a1c3c69fad53642. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58f46319accff094228d3cf5be19cb06ecf1fc4325340a5f0a1c3c69fad53642
SHA3-384 hash: 978d5a77526da210bcdaa7d2b2ab6e5e80f02e7c941d84404324487a4d15b9d0b0e960caa4d1079001b93947655d4426
SHA1 hash: 94d76d83816e158adeb1eb37a7d6e83d069c1e4d
MD5 hash: 2545dd071e29ceb9aaabe900d7311624
humanhash: speaker-aspen-undress-blue
File name:shipping documents.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 16:01:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4912e11c52bc5dc99dfccd637da2e2d4 (1 x GuLoader)
ssdeep 1536:3FO8lLG8Gha+X0t2Bbw5/86LzwKQwrXuTnCCS5cgk:qh30t2xi8MzwPUFk
Threatray 998 similar samples on MalwareBazaar
TLSH 029307436BD85911F1B24A706EBB93996F15BC2A4D429A0F340D5E4B7B307629CAC32F
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 162-241-235-200.unifiedlayer.com
Sending IP: 162.241.235.200
From: DHL Express <support@dhl.com>
Subject: Fwd: DHL Shipment Notification : 7348255143
Attachment: shipping documents.zip (contains "shipping documents.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=10qkByuKJTKPBBfrfbhda8Oq4K-U1IQr

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6166/
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 16:35:58 UTC
AV detection:
19 of 30 (63.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ld2gggnmz7yjiiunht234gola3wpd7cdeu2auxykdq6gt6wvgzba._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
033afefa4c3ffe5fadd50c033ef0232605929c32e99bb96493588e01c0e211ee
GuLoader
4b030ba8e4ea2927f995762c1063a0d50d285842856ea1bd931bbfb61c59f617
GuLoader
654512ba13cb405d6b839c46b229c1a6d506fbe3749861d8973f484edf9ef791
GuLoader
65ab725aa981b93b5f3ca28ea8f5257235f6974abe8fb5b03086cc1f9c6aa41b
GuLoader
698435e03511a280b49f016d506f4e8f3ade4d777f294925ddbcb333d6d4853a
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
dbcd4223a3ce8bae549ac845b83040d2d1cc4c8c67f102830f5b503493b81e2c
GuLoader
dc352fba70b027e2bfd420907be5443af811848df52a16a4845b2caac3ad8d2c
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 988 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-c1p5pkkfjn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip c9db08836318c6fd686dba51a19982b12bca264b2adab024c49d960400b90637

GuLoader

Executable exe 58f46319accff094228d3cf5be19cb06ecf1fc4325340a5f0a1c3c69fad53642

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374623/
  
Dropped by
MD5 1596455ad7b1d6904a3a1bf7eadd0106
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6166/
  
Dropped by
SHA256 c9db08836318c6fd686dba51a19982b12bca264b2adab024c49d960400b90637

Comments