MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37badb60f9862a09e36f6fbad57f97375fccf52cb00dfd2415e5887031753be1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37badb60f9862a09e36f6fbad57f97375fccf52cb00dfd2415e5887031753be1
SHA3-384 hash: 21c0d73d091f7cc8833d029670717758feabbd765983dca852cf5c8b34ad78b2b39fd397b1e5f3b2de42f417f654de59
SHA1 hash: 1823e3f256ab1f3f208a32e7e1a5c474c820dea2
MD5 hash: 919dbcb101b21442f0a9da82c0aa496b
humanhash: jig-georgia-cup-music
File name:listed Product.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-21 10:31:01 UTC
Last seen:2020-05-21 12:24:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f39e8a89b6e5bb3b1da8722c1760eebc (1 x GuLoader)
ssdeep 768:PsLdxDpwe7LNJ6adQXmXfxU8XnCpDctq//Uq1dap67Urh2uvQcc35CNqEpMkf/j:UXDp7XomXfLCpIkRapLQh7Ep3
Threatray 159 similar samples on MalwareBazaar
TLSH F7A33C21B5909C66D9944DF23C5A4BB8546FAC717D228F0770CBBF2D1A33B86BA25307
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: mr Grace <grace.yeboah@movis-ghana.com>
Subject: NEW INQUIRY FOR ORDER
Attachment: listed Product.zip (contains "listed Product.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1aEbAIx0nA_D0lqSvGd-MKFjH73cWlDOK

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.generic.ml.18669.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:50 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g65nwyhzqyvaty3pn65nk74xg5p4z5jmwag72jav4wehamlvhpqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
007062a34e83708ffb082b43d65c65bb245a5dfb699bd7d455400c1ecf8ca9fb
GuLoader
270b7f2dfa665133fe2d57069e4654b4065d5d919e4b881ab28ec215273bf767
GuLoader
2c70b55a898ef83a75e8558047851e40d839b5a1c151b967797c3c4d2afd350c
GuLoader
4efb9c06d7fbfe766220885b9f1320589cf9ae96a900a935e2d1ef3cfa971a3d
GuLoader
66c4b095722a3fedbc6c0279c57615abc384934fbdf91054d7d382ccd2560890
GuLoader
9f7bac168d783095c28bfe48f9ff40079fde45084dbe9aac78eefa54c4cf15ff
GuLoader
a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14
GuLoader
ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599
GuLoader
eedbb575580c9efc8e2a065c6713d388094d08b54d7d4e383ff7ee9446646241
GuLoader
f01984aa9f7805e8261655cfad5f92a5e06e48170d6a9fb41e5a2c22bfedec6d
GuLoader
+ 149 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n1pgj5qh4e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip cdbf5ef388b6a222c784994789b593d2213d1b491aa02963bedf64cac89fba3b

GuLoader

Executable exe 37badb60f9862a09e36f6fbad57f97375fccf52cb00dfd2415e5887031753be1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366137/
  
Dropped by
MD5 58d22ca1e84f9db5d38990e7cef4b76c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cdbf5ef388b6a222c784994789b593d2213d1b491aa02963bedf64cac89fba3b

Comments