MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cf754ed7c5a766f7622660204ef84baefe244fea900ee17fd5c80610fe302e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cf754ed7c5a766f7622660204ef84baefe244fea900ee17fd5c80610fe302e9
SHA3-384 hash: 1f7d8e194506ce43700b8e83cc0eadbcb3fa118e6d78d1eb7bc48c40e416161ed1a03c023643f457eaaa793a6b24f208
SHA1 hash: 55097e061dafd75bf9e7813fb7e9c4c2ed141b97
MD5 hash: ec0609eca14b271cb6b11da6360a179f
humanhash: august-uncle-uniform-five
File name:Doc.kr.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-05-13 10:13:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ab3af5e62d5ba14d98be7574ccf4d70d (2 x GuLoader, 1 x FormBook)
ssdeep 768:shKJXYEdK7Nmso+dynmmk4IIH/JJH+WAgSdte+hXPy/wg:a8Imh+wiyHjbhSd0+hXPyo
Threatray 5'111 similar samples on MalwareBazaar
TLSH 8B53C71DEDD4DDBDD22DCBBCCAAA459881196D300DB6CEC3344835E92B33A76A316316
Reporter abuse_ch
Tags:com DHL GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: [134.209.156.135]
Sending IP: 134.209.156.135
From: DHL Customer Support <support@dhl.com>
Reply-To: kens87914@gmail.com
Subject: DHL Shipment Notification
Attachment: Doc.kr.xz (contains "Doc.kr.com")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.km.9837.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:47 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pt3vj3l4lj3g65rcmybaj34exlx6erh6veao4f75lsagcd7daluq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
GuLoader
2427c640fc5ca5313c85c5a956571afdb1543d5964d3ce536b61262d73a9eaaa
GuLoader
52e01cac4f5319a7d1177aae77861b4ad8f77b26581d089e948344d0e608b80b
GuLoader
73578e1eff058923a129059d2af27488d57bab07d08c82017fdb0609333f50f5
GuLoader
a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133
GuLoader
aebcacef83bf139cf1f922a1c8687449286d661908b9ffbdd7e51866ebde4409
GuLoader
b5ee70ba14a2bcb9936bd64d99ce7b51785ba328b16a0be49d47c10cba17980c
GuLoader
b7853fa1e5921dd495975f697eb17ec18253ac022980855730598ef667ce9c2e
GuLoader
ccfcf14bca2ebfe80aa2c5cfa4cf42330925665faa0b6300098c4d36f1c01695
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
+ 5'101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2vd5v589yx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

xz 481b39b602838d89b0cc2f7faae06647a97a30593c2e7780879461954a59cf8b

GuLoader

Executable exe 7cf754ed7c5a766f7622660204ef84baefe244fea900ee17fd5c80610fe302e9

(this sample)

  
Dropped by
MD5 c8dbd74ad8ed3d08fcd38052e9f4c67e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 481b39b602838d89b0cc2f7faae06647a97a30593c2e7780879461954a59cf8b

Comments