MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18e748742879005f647c8928a776023d2a11aa865f34b6ee75adfa5a2abfebfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 18e748742879005f647c8928a776023d2a11aa865f34b6ee75adfa5a2abfebfe
SHA3-384 hash: 5a98f637be18dc438d3bb3c1efe2b931549ab6ccdcbee3d258c89f8b868e36ea945bc126ebda165e432cf6d3585aff45
SHA1 hash: ccf59429782e49d5ae1a753c4369465582403f25
MD5 hash: 1db6b268cfcfb4d76aa9eeff46df8c83
humanhash: sodium-grey-ceiling-wisconsin
File name: PLanilla de Facturacion Mensual 2020.exe
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-26 13:44:50 UTC
Last seen: 2020-05-26 15:24:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5403d65e3cd6d9c48854c0bbb2738e19 (1 x GuLoader)
ssdeep: 768:L9tj+H/mh6dHBopnYTxx9xaKLoGBrhiyHU4m0h2157VY9ihoN8ZvA8ENrAAAY:JcH/mh6dhVretAtiyHU4mTVQ9N8ZvOj
Threatray: 5'082 similar samples on MalwareBazaar
TLSH: E1B3D81378A48D73D82C8AB25CF2D5905D6AEC907D520B037685FA6E39763CB6DE430E
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.220
From: Julieta Campitelli <JCampiteli@newtral.com.ar>
Subject: PLANILLA DE FACTURACION HASTA ABRIL 2020
Attachment: PLanilla de Facturacion Mensual 2020.img (contains "PLanilla de Facturacion Mensual 2020.exe")

GuLoader payload URL:
http://kuroilersuganda.com/indaboski_IuQSk59.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 14:35:53 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 18e748742879005f647c8928a776023d2a11aa865f34b6ee75adfa5a2abfebfe (this sample)

Delivery method: Distributed via e-mail attachment

Comments



CAPE Sandbox commented on 2020-05-27 05:51:36 UTC

#Formbook

https://capesandbox.com/analysis/4952/