MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2
SHA3-384 hash:	5f18f9f1928a29a2b94db4d5d34ee3440b23a6e84c1b2048ec11dba7e5bd974c7fa41188faef828be49ef2a6b7888a79
SHA1 hash:	629a89536b8878ea127445641115fbee4c389f79
MD5 hash:	62fdcadf49865b7fee3d656b481a7f22
humanhash:	cola-bakerloo-mirror-texas
File name:	DHL Consignment Details_pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-06-02 11:21:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ba3af5a58331da1d924015f8106fa5be (7 x GuLoader)
ssdeep	1536:l2lFO8lLDrSZrKCVl4BSR8OLzwKkwR7738PdGtF:lsSlKCViY8wzwDNg
Threatray	1'296 similar samples on MalwareBazaar
TLSH	B693F6077AD45505F1B24B706EBB82996F25BC2A0D428A4F354D1E4B7B317A2AC6C32F
Reporter	abuse_ch
Tags:	DHL exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: mail0.333.drointernational.casa
Sending IP: 139.59.20.191
From: DHL Express <service@dhl.com>
Subject: DHL Consignment Details
Attachment: DHL Consignment Details_pdf.gz (contains "DHL Consignment Details_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YltrdOT8vHxS4ZM5Q4wail0B1zCDi1Vx

Intelligence

File Origin

# of uploads :

1

# of downloads :

66

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6104/

Gathering data

Threat name:

Win32.Trojan.Vbkrypt

Status:

Malicious

First seen:

2020-06-02 06:08:35 UTC

AV detection:

19 of 31 (61.29%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5qzwwd3fj3tv7yhcjme3muco7h2djbvvfaubo2fjo3k6u44ookza._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

0cf9ce17aeee086bf3085133f76a2ec2856900ac84a5dc017bbd0f4d46bbb40f

15c1e154f12ddc60ff879745b0d6356a725bf030a52007841fcb9ac0ebd0a73c

2c27feaca7c04d48cd54730df7e4c89dc200d18658fd78c6a3388a94f15dca9b

36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94

6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f

6fe57f40ae9b9edc3998f059efc437b71702b66bfe3e3f61f13c8a89dadfbb56

b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac

b8c463fc8f8137444b55e4cc24564f539bfe17956a7dde1e4cef2a1d3b9a2856

c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011

ecedf83d0be321652070a9a1cace3f1dd67d3c22e39bee061ccc6d1a7fead636

+ 1'286 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-c8xhj4wrzj/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 2ff525a53843f8ecbf0bda6ad669de4b7e6f5dfb60ce065786c2d4b5a13ae3fc

exe ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/374159/

Dropped by

MD5 8b653a723011abca7908aa9ee81fdcf6

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/6104/

Dropped by

SHA256 2ff525a53843f8ecbf0bda6ad669de4b7e6f5dfb60ce065786c2d4b5a13ae3fc

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample