MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2f169c37561f240ad256ef7a43adb4d6e9d752f8d5f364ff294820c79edd313. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2f169c37561f240ad256ef7a43adb4d6e9d752f8d5f364ff294820c79edd313
SHA3-384 hash: 0b432532be620ca9ffe30f47fafe40db56b38fefb3d9ea8c96ceb3fa615238ade34ece43fec28a58539913c447bfdf9d
SHA1 hash: 60b66a153d5cb47b125ac3c26fa61ddb44ac5fc4
MD5 hash: fb448e042d64304bd75b0a7eaa88d9c6
humanhash: dakota-bluebird-alanine-romeo
File name:DHL-Shipment-Notification#766474849_feb.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2021-02-22 07:30:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3f0d3842f1f621625b7b4016e6be4558 (2 x GuLoader)
ssdeep 1536:fWWTwV4fVhu5+zCGdJL1wTbagPJR+PbqDRJlVuxVQwV4MjW:TwVUPLCGdZ1YmgzWbiRHVQqwV
Threatray 1'678 similar samples on MalwareBazaar
TLSH A9E317A2619AF897E05541335A1D9BF88D709D2B19307803739D3A1F2B39ACD57F03AB
Reporter abuse_ch
Tags:DHL exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.sayyess.uno
Sending IP: 62.108.35.214
From: DHL | Global | Express <admin@sayyess.uno>
Subject: DHL Express Shipment Notification #88377493
Attachment: DHL-Shipment-Notification766474849_feb.rar (contains "DHL-Shipment-Notification#766474849_feb.exe")

GuLoader payload URL:
https://waeorat-71.tk/admin/MuNwgeCO242.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118246/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/613733
Signature
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2f169c37561f240ad256ef7a43adb4d6e9d752f8d5f364ff294820c79edd313/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2lywtq3vmhzebljfn332iow3jvxj25jprvptmt7sssbay6pn2mjq._file
Verdict:
unknown
Similar samples:
0cb0059baf3983db9857ea71e6bff0a572c42b2badd00bffe78ff1fdf6a1c007
GuLoader
1a4407fd45881091495f927612c7be23ab6de71949e4192cdc58154986d2c827
GuLoader
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
GuLoader
79f98a45cdf0776c1ae83a4b027ded395fe8dfc4b520f51706fc7207b1e4c630
GuLoader
922b6743cac4c11fded552f01d08fcde42b75b9a59d1c9ec119c0c26efab772d
GuLoader
ad5041c1b23fcd40d3eee9484b7b1de36f3a0f88154f17271808afe7160b4579
GuLoader
c2dd8076e0be5f411f0677f1e03f7fc9cdae5df7072200d894e7247b4a5f5a2c
GuLoader
cb3e82e9c93c6b7b44dd782d26d22ad26f323176f8662642397d6d271754768d
GuLoader
e1c6e44bb03c1cdab3844b42f46634bd578f896373e9467ca2b8d092d047eb71
GuLoader
fbfebf420c076687262aa7a863151825402349231fe15f6ea52e680f19b11cfb
GuLoader
+ 1'668 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210222-hxtxy5cr8s/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
d2f169c37561f240ad256ef7a43adb4d6e9d752f8d5f364ff294820c79edd313
MD5 hash:
fb448e042d64304bd75b0a7eaa88d9c6
SHA1 hash:
60b66a153d5cb47b125ac3c26fa61ddb44ac5fc4
Link:
https://www.unpac.me/results/5e8b1fbc-4759-41f1-8a22-598f3808d4bb/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar dff3d3a329c55bca185c50771b4052af96e2c700d9fa19284e1ea18248f54a8c

GuLoader

Executable exe d2f169c37561f240ad256ef7a43adb4d6e9d752f8d5f364ff294820c79edd313

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1023472/
  
Dropped by
MD5 0fadf74124b604201ba469d82ab4287a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118246/
  
Dropped by
SHA256 dff3d3a329c55bca185c50771b4052af96e2c700d9fa19284e1ea18248f54a8c

Comments