MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
SHA3-384 hash: 910ba9c16a75cc1c5e923d5ef87f1f8a797627d35edda7bc63edcd4489e48a9f63863884558736982684e47320e76dec
SHA1 hash: 2030649abef396e56e7851db20646dee698a1294
MD5 hash: f37fb8fe84da6c3281630156914bad1a
humanhash: bacon-hawaii-ten-saturn
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:42:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 998628ecc871de7865ee4450f53c72e4 (1 x GuLoader)
ssdeep 768:bCzu1aL3mNtlrHBOj9ZZUmArXZTHi6Juq061uFYrDvbmB4pvJuSI35fIQ:b4uRtS1UdrXZria506AOjmB8vJuSy5A
Threatray 5'125 similar samples on MalwareBazaar
TLSH 4D738F1B7A04D253D05046706C638FA81B1BBC384982AECB758EEF5FE9757536CA923C
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Susan Xing XU <Xing_XU@raymondvalve.com>
Subject: Urgent Order from Ray Mondvalve Co, .Ltd
Attachment: DRAWING-00334.pdf.img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7260/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 05:08:58 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h6oab5tsh3cm3r625x2t5eal7pcmcw5zcbavymflhhsitdeoeeoa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7a8db6a831edc72a1811ed42f3f0ce72ccb93455284b65dbc374a4298eee52f2
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'115 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-t55das7w36/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f13dc174371ad31972cd4c6dbaa7c649ca896919901bdfb880d51abf5bc1d751

GuLoader

Executable exe 3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 7fa66d47d2dfabc46a111bdf0f30e18f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f13dc174371ad31972cd4c6dbaa7c649ca896919901bdfb880d51abf5bc1d751
Cape
Cape
https://www.capesandbox.com/analysis/7260/

Comments