MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b010a969661be1daa2a2866d318e0a8cdeed8a552eb4f4bd420d156751dfaab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 6b010a969661be1daa2a2866d318e0a8cdeed8a552eb4f4bd420d156751dfaab
SHA3-384 hash: 322fa001a744ef8e921791c0a0a44b5e2c423ac975104c7c912ff4c4f7db59a700f95e17037b71d218d639a637c1f89b
SHA1 hash: 6f57d677c74b3053f5a4dc202c5bde8e64db3e19
MD5 hash: 9c047ebf4bc8cf9232db0d14af4dbe47
humanhash: ohio-fourteen-twenty-florida
File name: Shipping Docs_pdf.gz.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-05-18 05:58:28 UTC
Last seen: 2020-05-18 07:11:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a3537adbfeed707ec0e6be22427544cc (2 x GuLoader)
ssdeep: 1536:Ghx7dtX3G2MziXT4kDvS4hfRmcAiMLO7uTCXjUvrB0Izbh8+FB+z53+rJV6GfLxu:sx7dtX3iz6v/F0l0WbJB4K6GfU
Threatray: 365 similar samples on MalwareBazaar
TLSH: B3046C61F9C0AE07D625483E9EE685B89123BD704F11CA0771893F5F3AF7906A632727
Reporter: cocaman
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-05-17 23:59:10 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 6b010a969661be1daa2a2866d318e0a8cdeed8a552eb4f4bd420d156751dfaab (this sample)

Delivery method: Other
