MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0a562dd58403b273a4f7044aedf26617c9cee21113d97ddaddd9cff2a9f6597. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d0a562dd58403b273a4f7044aedf26617c9cee21113d97ddaddd9cff2a9f6597
SHA3-384 hash:	b0710ceba674750c3163edf14ddaf6075a847efacd4e1c74cb5199a8106ecf34e7c37d74dde2466a0d510373f91bab5d
SHA1 hash:	3c9407f45fbc7a523b2c4aeeab56fe7c5c6da37a
MD5 hash:	8c69afb285f1962154e7a38ac685392a
humanhash:	solar-lemon-floor-glucose
File name:	DHL_AWB# 9284730931.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	110'592 bytes
First seen:	2020-06-03 13:04:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e35dc86042b9c1e168256b70a28cd2ce (1 x GuLoader)
ssdeep	1536:+qSPfxV40eFwlx/vYkgrKHxLdGKc+o0FDHdZ1gI9iZkddjgGl8gQu:+bPXemnKKVdhjFD9zRVTQu
Threatray	1'276 similar samples on MalwareBazaar
TLSH	C6B38B03ED4D8953D1244BBD2D578E793B1DB81D4D006BEF7139AE9BAD322422CAB11E
Reporter	abuse_ch
Tags:	DHL exe GuLoader

abuse_ch

Malspam distributing GuLoader:

From: DHL Express<eawb@iddhl.com>
Subject: EAWB Notification
Attachment: DHL_AWB 9284730931.rar (contains "DHL_AWB# 9284730931.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

62

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6273/

Detection(s):

Win.Dropper.NetWire-7996875-0

Win.Malware.Razy-7997182-0

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-03 03:32:32 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

22 of 31 (70.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=2cswfxkyia5soospobck5xzgmf6jz3rbce6zpxnn3wop6ku7mwlq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e

33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a

3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e

692b099cb8eb863730179f28207ebf5579edd501a43c09fa3b9e177191840d27

77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c

8797d399b8d6448ae58dfb5c4c5d21aac717fab0b4629cd78748a8239ba87cd9

897c29c75ae58e4057c0d32c3704469a7ecfa4878f5d0c60ad8abe2fa821b0b0

a488990c82230074fdf4f22a014a8f05dbb2bdc055c096c4d4a28b3a8055a648

ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4

f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18

+ 1'266 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-yv4ll7lsz2/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 370a2356dcf7203803228281e9d74e3fe927e0caea187aea5f4b7012c54a8829

exe d0a562dd58403b273a4f7044aedf26617c9cee21113d97ddaddd9cff2a9f6597

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/365459/

Dropped by

MD5 50fc3ab7923334937907c04f50791c00

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 370a2356dcf7203803228281e9d74e3fe927e0caea187aea5f4b7012c54a8829

Cape

Cape

https://www.capesandbox.com/analysis/6273/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample