MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7628bdfdefa90c3dde24286daa4292bd93f6a95b9c95ed0e64df8e7df9a13289. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7628bdfdefa90c3dde24286daa4292bd93f6a95b9c95ed0e64df8e7df9a13289
SHA3-384 hash: c46cc8488a6d0c7cdfcb0adbf1adcee31884cb1911d707b21b722edfe6214cbf14693d41795b3a06fc1d009faf9ae0e5
SHA1 hash: 74850bf4a2bafe34c831640a8fd804d22cac8000
MD5 hash: 3420f18ad3b26cb5f964c0fbfe29e299
humanhash: jersey-leopard-louisiana-papa
File name:AWB 0198273-20-05-20.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-21 15:35:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e1a6514df6680cb567f1b8dd4aefe1e0 (1 x GuLoader)
ssdeep 1536:DozkgLQ9WzbaT8Ff0/VYyI/G4olHE4b1PTkeaj:pwQ9Wr+/VU/jqE4JoV
Threatray 85 similar samples on MalwareBazaar
TLSH D7B3F95132D1B926DDED0DF21AB2468463AFBC3D6802670F37C57A1ECA33940A7617E6
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.214
From: Notificacion DHL Express (ChiIe) <notificacion@dhl.com>
Reply-To: bbnet3823@gmail.com
Subject: AVISO DE LLEGADA ENVIO CON (Guía Aérea:8158025864)
Attachment: AWB 0198273-20-05-20.IMG (contains "AWB 0198273-20-05-20.exe")

GuLoader payload URL:
http://kuroilersuganda.com/bin_eEEqu145.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 04:00:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530
GuLoader
2ed58cba6fbba892cde349ea6759ddbe197bcc1adf9c55801b30ccd3d28ec55f
GuLoader
347ec9d5455536ace4c650476001fb0511d5ea5f734a951b523ade3001472dd4
GuLoader
68e7c82cc5535b87b0e1310f9a054432944b6efa0471e2b03101554bdf7decc2
GuLoader
7b673f65dfb02aea2b7fe950c749c17a953d2b9514aa78c663aac6c002b6bf6b
GuLoader
9b322d3c3a5bd842ae2563f5eb2ae4cf7957132311ccf051d7bfeb4601866a33
GuLoader
a823a4702ff08fa0b0b70a2f781fe36db904ec2d975f58a5f9d44e85f4b85740
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c11918578270f2c2b9c8f834eb7e336cb213e2ff3721e62fff594635d79ce365
GuLoader
dadd0d7d480d15bb718d82ff012ace97f16fb4a2a6862dc5ad04e9b2b95380cc
GuLoader
+ 75 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-v21ks2ptca/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 832b8b8af81671ec21deb49eea38c2aa3ee96312a7370f0d1a4f29575af5ff07

GuLoader

Executable exe 7628bdfdefa90c3dde24286daa4292bd93f6a95b9c95ed0e64df8e7df9a13289

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366244/
  
Dropped by
MD5 a675e8f493bbdcf1c0b471f98e90aea9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 832b8b8af81671ec21deb49eea38c2aa3ee96312a7370f0d1a4f29575af5ff07

Comments