MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66c4b095722a3fedbc6c0279c57615abc384934fbdf91054d7d382ccd2560890. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66c4b095722a3fedbc6c0279c57615abc384934fbdf91054d7d382ccd2560890
SHA3-384 hash: ff6d352d1970ce988ad83423b839a7b7a14b7b7e532ddd5e397122eeb0008dc668af1eb22123fdcc3fe0ea5c8aacf422
SHA1 hash: 89b77085cdf18db0849bf47bb84c9a02eac38ca3
MD5 hash: b4d42b1927a4d35370f8d279037929a4
humanhash: august-oranges-nine-green
File name:Payment Copy.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-05-22 10:20:45 UTC
Last seen:2020-05-22 10:52:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1da7267f085267e2ee7d09136a66b4bc (1 x GuLoader)
ssdeep 768:wcQFOX4zLlcWlXytiFqTq52/R3NTTfPcMFdvUq5/uXHwxFTTwlv79d4UC9XKF/U:n4cmX6V/R57P/7/uXHoTwUUCMO
Threatray 367 similar samples on MalwareBazaar
TLSH 5AA31A11FA949C52E9C45DF22AA68EB4102FFC7129464F0B70CFB75D2D32E87E52631A
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mx.shi-ig.com
Sending IP: 217.61.123.234
From: jeff@shi-ig.com
Subject: Re:Payment copy
Attachment: Payment Copy.zip (contains "Payment Copy.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dje1f5MKekSEqm5EHUuqTF-64jLzc6Hn

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.44126.29095.12728.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 19:27:49 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
1e997f4144eb94f184308c7ebe6dbad709cf7151721c563e43a92d52539d4e1d
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
72e0965385eae2d3a2f20feb361ce542235fe44c08991644a0a231f595039e68
GuLoader
9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934
GuLoader
a1b6faa0465ec8bf30e3450f9679f121ff9e724257577c38c813b77e82e1f42f
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 357 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-9e1f3eebla/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1b7af0fafc23284ae3389bb487d28a9631e72c7677970ea5f48615be5b6548cc

GuLoader

Executable exe 66c4b095722a3fedbc6c0279c57615abc384934fbdf91054d7d382ccd2560890

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366519/
  
Dropped by
MD5 0404c11054da08695c4e159e71316e6b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1b7af0fafc23284ae3389bb487d28a9631e72c7677970ea5f48615be5b6548cc

Comments