MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218
SHA3-384 hash: df2cef5b7c74fe56c10a9870e5855f5f1e5c8f3109dd553aa3839bfa930353d327312ec1257542204a4db9d0793976b5
SHA1 hash: 802beb2d3e1a7dd660d75aa66b6d8d1d6f7428b3
MD5 hash: 22baf16a4a967e298ef406ddd40b6c8b
humanhash: river-beer-sad-quiet
File name:DHL 8897209547.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-02 11:28:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0d1391a7c6f72c68aa32a7081310bffd (1 x GuLoader)
ssdeep 768:Ng5hc7416N8lBR2zdrQZ9R52wFmuzaBMVpvrboU8Cgo6Nn+/ko:y5FO8lL0UZ9Nz2B4I/Cgo61S
Threatray 1'003 similar samples on MalwareBazaar
TLSH 9D733907AD4A8E62D9A041B42C67C77E3F69BD0C4A861E4B364E6E17FF327616C2D11C
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: vps.inebenthe.com
Sending IP: 45.95.169.158
From: DHL Express Cargo <delivery@dhl.com>
Subject: Доставка грузов DHL
Attachment: DHL 8897209547.pdf.iso (contains "DHL 8897209547.pdf.exe")

GuLoader payload URL:
http://vitaltea.co.nz/kidi/bt_qxAIlDSP182.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6126/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:40 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xmjxydahile63eu3cxx756xxcni4dibb5hapk47ymtx7oqz2kima._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
GuLoader
2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b
GuLoader
508f200677afcf864fc716ca89f7c840df97a76c6dbe3d58dabd12afb222f550
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
743b0bd67e604e9e69acffcc8c7d56d8294de21c11c1a16cbeea94f82b6e5fa4
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 993 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6q8a5nk64x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 2c8dc1409bec3f69e4aed762a315b3d5ebd66b6d56c3411054b455f073b8cb30

GuLoader

Executable exe bb137c0c0742c9ed929b15effefaf71351c1a021e9c0f573f864eff7433a5218

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374411/
  
Dropped by
MD5 d909abd8b931eef069e36ff5e31aaf2c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2c8dc1409bec3f69e4aed762a315b3d5ebd66b6d56c3411054b455f073b8cb30
Cape
Cape
https://www.capesandbox.com/analysis/6126/

Comments