MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6
SHA3-384 hash:	f9695eeab03ab5fdfed6180b2402dcc670f2025398bd9ccbb434d06dc775465b81e89f138cd51b83ca21a1359ee42942
SHA1 hash:	2067b9b6ea43700b0affb08c2e69eb9a71e7a08d
MD5 hash:	299830c47b000b9aaeacc7ba7de98173
humanhash:	kentucky-delta-green-august
File name:	Shipment Details 10-06-2020Â·pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	65'536 bytes
First seen:	2020-06-10 12:35:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	044d762a71269228bdfeaa38e38b08e8 (1 x GuLoader)
ssdeep	1536:b194d4xRYXT2DAqoQ7J7rbErfZVzwXvH:z4dJXT2DAqoSXEbvSH
Threatray	809 similar samples on MalwareBazaar
TLSH	62537D1F2E0DD59BE1340B7028B295A516779C2D5901BE0B3D8C7F5EE672282BCE722D
Reporter	abuse_ch
Tags:	exe geo GuLoader TNT TUR

abuse_ch

Malspam distributing GuLoader:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: TNT Shipment Notification (Turkey) <shipment@mail.tnt.com>
Subject: No.156902370 için TNT sevkiyat bildirimi
Attachment: Shipment Details 10-06-2020Â·pdf (contains "Shipment Details 10-06-2020Â·pdf.exe")

GuLoader payload URL:
http://bijelizec.hr/download/IFENAYE%20MAIN_sJNduT147.bin

Intelligence

File Origin

# of uploads :

# of downloads :

150

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/7543/

Detection(s):

SecuriteInfo.com.Trojan.Heur2.VP2.em0@amuYBYjb.17630.28515.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Dynamer

Status:

Malicious

First seen:

2020-06-10 11:07:23 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6dyhyimssvxeiym2lpvgyvnt6lkl46wz7wdpuhuf642n5kwmax3a._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-vebxj72sce/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a64d73a346ecc2fae2b2d0c4a437a004bdb91291b2c724d106e209f6d386cb7e

GuLoader

exe f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6

(this sample)

Dropped by

MD5 a04d462af27935c65068b7327f4ae2a8

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 a64d73a346ecc2fae2b2d0c4a437a004bdb91291b2c724d106e209f6d386cb7e

Cape

https://www.capesandbox.com/analysis/7543/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample