MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d
SHA3-384 hash: f60f308546a3e9aa5c0456604b19fc8ed761c9bf67f9fa55100d7f3e6ba1ad47305f67bcc95b1c241a3631bbbbf73799
SHA1 hash: 3c34094d1999055a4ae6930b4ddbd1af55ff609c
MD5 hash: 5bf51c025bddd4f88ff2493b7bb3afb0
humanhash: failed-west-blue-fourteen
File name:New P.O #1278.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-05-26 09:07:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8ffe9002591d148038ba3af7cbde81be (1 x GuLoader)
ssdeep 1536:mu/UGKSED5Ojc/WugnrRq2s3CIxErai18OMXLb6:mu5KSkOg/2nrQCwL+
Threatray 5'122 similar samples on MalwareBazaar
TLSH FAC3291B75D98CC1EC781EB12C636AA72E36AD2079141F173606F69E67321CA3EF0716
Reporter abuse_ch
Tags:exe GuLoader Outlook


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: NAM04-SN1-obe.outbound.protection.outlook.com
Sending IP: 40.92.11.44
From: larry herman <lher41@hotmail.com>
Subject: RE: New PO
Attachment: New P.O 1278.rar (contains "New P.O #1278.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/sean_SgXXorh87.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5672/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:36:45 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
GuLoader
50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
b596016d60a01e5fb98389d4d8fb68acf6bd7ffd43726c39532da508073a9a3c
GuLoader
be4614de71b42f1015076a3c708c09f911091333bdca1792450eccddc5ab1484
GuLoader
c6aeb4ac138f69e967b712ddf91b7d5b2339e3a97d4fce6f7d48379745e2cb2e
GuLoader
d11cef47f0e97409844b3bc448cfabcfd7f97a4289012ba50e4b7175f5f4c870
GuLoader
e1ef53521aed004fe790b232883a12cb5f241ead4c81718b08ac0150323563d4
GuLoader
+ 5'112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3vnq19fqwn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar dbbe41c4675a9fdd6b457ae507dd46dfb908b00d0aeddf4156e22a4ecf5b8c82

GuLoader

Executable exe 25cafcbe57ac5344ade543948fbba1f8a5b99d424af61a7d4e9d806e7c66f79d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365502/
  
Dropped by
MD5 fb82a0636494a6212bc5bec151de4526
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 dbbe41c4675a9fdd6b457ae507dd46dfb908b00d0aeddf4156e22a4ecf5b8c82
Cape
Cape
https://www.capesandbox.com/analysis/5672/

Comments