MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa
SHA3-384 hash: 5dea963a0439094ad7317d36a12ac347aee5b5849e6a6af17317dc19e643bf6bb4fa9b02e0f0baac813b42d8a527942d
SHA1 hash: 8ddbd928e31d2f95bb1af5759992b0d24b4a74a3
MD5 hash: c5ef08e0962183b76209c8ad5866353b
humanhash: speaker-two-mike-tennis
File name:gunzipped
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 06:02:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d2b54019951457354a020269e7a1d204 (1 x GuLoader)
ssdeep 1536:J9JSPfxV40NJWk7aXeukgrKHxLdGKc+o0FDHdZ1gIF0hRoMkgMJV1kpaF:YPXNJXaXegKVdhjFD9zmeJ4a
Threatray 1'671 similar samples on MalwareBazaar
TLSH 54B37B03EC8D8653D1458BBD3D1A8DB97A1CB91D09005FDF6139AE9FAD326422C9721F
Reporter abuse_ch
Tags:DHL GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.467.celumltd.casa
Sending IP: 206.189.46.179
From: DHL Express <service@dhl.com>
Subject: DHL Consignment Details
Attachment: DHL Consignment Details_pdf.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1bLoTtOXDaHzrhrr6SdwfOHy2EToX25WE

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Lokibot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6458/
Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 23:33:23 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pj3wbrfewesesuhkb7khlrjqaxhnddftcsrob7ceteeglaxbuwva._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
4c085d783c734f76e23572661c1692d7b2e4ad30dab5f6c108669d4141f97c99
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
fea3940f656c82bb8ed4668c67b6be0ecd1b72fc6d6ea52199c365ec03212a31
GuLoader
+ 1'661 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fwvlgdxc7a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz c3218d7e7edc46d4b51bdad6cbcbe388bdd69f764537785cd59652d4256822bd

GuLoader

Executable exe 7a7760c4a4b1244950ea0fd475c53005ced18cb314a2e0fc4499086582e1a5aa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378976/
  
Dropped by
MD5 36ee136656894aa09577c46625b8129b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c3218d7e7edc46d4b51bdad6cbcbe388bdd69f764537785cd59652d4256822bd
Cape
Cape
https://www.capesandbox.com/analysis/6458/

Comments