MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c050e689ec019b70e40c7daf3612b6204d8266d83fd8d50358e96f550771360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c050e689ec019b70e40c7daf3612b6204d8266d83fd8d50358e96f550771360
SHA3-384 hash: 0fc6ebfd1c4643dd3d06765172a5500b6f4849c7135d236d2c9de5d6a7e83f2b24eeff9450adafb2edab4b8ed5a5cf04
SHA1 hash: d4bb4a0fc32ef3abb600541c8452b358c9548acb
MD5 hash: be0d7eee0eba468510e0c565c1817a3a
humanhash: avocado-mexico-don-mirror
File name:Original Shipping Document with Way Bill NO 90082_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:35:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4c3d7242db0ca96fbee398a5302f4094 (1 x GuLoader)
ssdeep 1536:/pqlFsPbRSAqiRBYsc79luHzm+wiyWlamRUwQWvwavpo6J:vX49luHzOinlzJ3oy
Threatray 201 similar samples on MalwareBazaar
TLSH 83B31A0779E68CB3EE348FB109729AA11D3A7C716C105F5B3502B72D26332897AF2725
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: DHL EXPRESS <express@dhl.com>
Subject: Original Shipment Document For Pickup/AWB NO: 907853880911
Attachment: Original Shipping Document with Way Bill NO 90082_zip.arj (contains "Original Shipping Document with Way Bill NO 90082_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1IJ3rKMD1U00L3LYZ8F-LmYkhMYNmi8s2

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5080/
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 19:59:00 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1001c873070cced8d9bb50e6f38cb0bdf9aa60eec13216df00297616a8c0acc0
GuLoader
28de8f6722499072f48c519ac1b2f318f56f1a800fb3db515d0700d5f4b1db50
GuLoader
7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7
GuLoader
7c3f51dbc6e2a20b4042e6f4284c7ffafc37b8238d929fef10efc50794fbad3a
GuLoader
893033ccdb5795d90f5cad3d4e2121307a9f18b05f74c39970395a2f1a6a40ec
GuLoader
a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e66219732fabf171e2e8261670f2dfc8973a88ec891693442484f64b6edd3336
GuLoader
eddacc373c3a12d02cfb1398299eaa3bbb815e090eb8640883dbc67adcd23a80
GuLoader
f5a50a90c27cf750df26867951d71dca1d8d7c80505c484446173be314f89443
GuLoader
+ 191 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ht6h28rzmn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 232aae377f8f6ce0a8364ed8ef56cfad9277bb39bc29d108f36ec347ec04a583

GuLoader

Executable exe 9c050e689ec019b70e40c7daf3612b6204d8266d83fd8d50358e96f550771360

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369984/
  
Dropped by
MD5 c70a808ba84bed10cb23f5941e0aa060
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 232aae377f8f6ce0a8364ed8ef56cfad9277bb39bc29d108f36ec347ec04a583
Cape
Cape
https://www.capesandbox.com/analysis/5080/
Cape
Cape
https://www.capesandbox.com/analysis/5067/

Comments