MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83e4ae7f04653b03a31836d92b1d70b1d9264a2fe7a4570cf39f4be1bf134e2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83e4ae7f04653b03a31836d92b1d70b1d9264a2fe7a4570cf39f4be1bf134e2b
SHA3-384 hash: e6e51e8525ddb6302e7656182d8ecbac1be9354152e4154b4dfe0ee1ab3de4ef0cdd0fc8c0eb9c5faa43f6340ad13bff
SHA1 hash: d1d7badd885b824b212be62c7caa7ff33d419d05
MD5 hash: 8fab6753620475b356fb55cb3339aa8f
humanhash: violet-oklahoma-mango-avocado
File name:DHL.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2021-09-24 18:31:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 48a41634a91a3d58d7574e90175db383 (1 x GuLoader)
ssdeep 3072:gGFZ3bD6eWdxHrDZ9PM/zw0q8Lwtp1eW:gmqJlr19Pp0q8ctTe
Threatray 5'613 similar samples on MalwareBazaar
TLSH T112E33701BED7AD7FC049E534012DCDAE4129AC554BDA0E46BBBD32AB2CF619D3836309
File icon (PE):PE icon
dhash icon 8eb069696169f8c4 (1 x ModiLoader, 1 x GuLoader)
Reporter abuse_ch
Tags:com DHL exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
195
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL.com
Verdict:
No threats detected
Analysis date:
2021-09-24 18:41:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f2c8bd97-4cd1-4b9f-be83-421a62a3ce8e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191249/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.13741.6959.UNOFFICIAL
Create hunting rule

Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c33b5d5c-5026-4049-b23d-efe95e8d513e
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad.phis.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/857583
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 490026 Sample: DHL.com Startdate: 24/09/2021 Architecture: WINDOWS Score: 100 13 Found malware configuration 2->13 15 Multi AV Scanner detection for submitted file 2->15 17 GuLoader behavior detected 2->17 19 5 other signatures 2->19 6 DHL.exe 1 2->6         started        process3 signatures4 21 Writes to foreign memory regions 6->21 23 Tries to detect Any.run 6->23 25 Hides threads from debuggers 6->25 9 ieinstal.exe 6->9         started        11 ieinstal.exe 6->11         started        process5
Detection:
guloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/83e4ae7f04653b03a31836d92b1d70b1d9264a2fe7a4570cf39f4be1bf134e2b/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 03:50:55 UTC
AV detection:
15 of 45 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qpsk47yemu5qhiyyg3mswhlqwhmsmsrp46sfodhtt5f6dpytjyvq._file
Verdict:
malicious
Similar samples:
0e312eccc907155b510e531e9519ede3e44ee79a67cb5dba0f3a0c39e9a3d083
GuLoader
414a14294a3c88613f1480a69fa0d7cf3dfbb83eedd5ef0acc3ad39f6e01ee65
GuLoader
4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
GuLoader
4db943d3621a557370a3585cd61db3f9835c65f350a2284c9d5f3024adb0ff07
GuLoader
815b5f62adb35607df07859bfd1b75763bf525643e7f21d5a0f8803dd0e86be4
GuLoader
8653a11ee811265418a3b6f12945c585b77aea72f02b2d80f481c1100d895299
GuLoader
a76f692240be874358bd241860d2f492eca687f44e0bffade3b631ccf142117d
GuLoader
ca38bc5a74167b7931db40cb00e670773b696df8c2df0d17761b38a99d40941a
GuLoader
d9040bf8ad755cd41dc6266c0e0049f4bac0eaa23f18a26931357fe21c719701
GuLoader
f6083599947328d2637adb3cb9810fefd0d9195c504dc2e081fcfca776090c2b
GuLoader
+ 5'603 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210924-w6mfdahefp/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent file
Guloader,Cloudeye
Unpacked files
SH256 hash:
83e4ae7f04653b03a31836d92b1d70b1d9264a2fe7a4570cf39f4be1bf134e2b
MD5 hash:
8fab6753620475b356fb55cb3339aa8f
SHA1 hash:
d1d7badd885b824b212be62c7caa7ff33d419d05
Link:
https://www.unpac.me/results/d663064f-a3d6-43f4-9ca8-29a911042026/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/83e4ae7f04653b03a31836d92b1d70b1d9264a2fe7a4570cf39f4be1bf134e2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/191249/

Comments