MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a
SHA3-384 hash: e6cb9758563c826b6b93bfd9fd9f4383526b0e3042936460029571805a1b59e89c08bc820bc80bbdca9ed43d71d9ff1f
SHA1 hash: d19043568af9dd1eed8483008554ac4804b91f0b
MD5 hash: 01df8b9eb4bbc9b9179c997b1fa68ea4
humanhash: avocado-charlie-happy-salami
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 12:05:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 659a9b99c928dddfcaf2d1c23a062496 (1 x GuLoader)
ssdeep 768:geysfNpuRnnPilTjATM7pscXayn+mGLdBdB65ISvTkRXQJtEWx4Be3KOa2jLUzHd:geysFY6TjMOOYST2ISv0goKKmjLJa
Threatray 5'132 similar samples on MalwareBazaar
TLSH F6739F036C04CA51F04186F0ACA38E9A175B59295D426FE73A5A6F9FEC31BC25CF931D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Jaeho Lee <ydchoi1@naver.com>
Subject: DOOYOUN CORPORATION Emergency Production Request
Attachment: RFQ_DOOYOUN CORPORATION 긴급 ìƒ ì‚° 요청-pdf.img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6989/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.14564.14799.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 05:31:42 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4d7dgsaxc2rs27wx425vnml23qllbsth5d64t4ah6pzshwfu55a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7a8db6a831edc72a1811ed42f3f0ce72ccb93455284b65dbc374a4298eee52f2
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'122 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-l2av2atjne/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img c8d9417b763ac5b1d32e529536a14db3fe8bed0e20e73957035abf1399c93a67

GuLoader

Executable exe 3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 84048a12eac8c59b730d398a9a6efaf5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c8d9417b763ac5b1d32e529536a14db3fe8bed0e20e73957035abf1399c93a67
Cape
Cape
https://www.capesandbox.com/analysis/6989/

Comments