MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fb77f025210f6eafed61a9216a3d9df986d352a5594f62547990fc0880e6e43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fb77f025210f6eafed61a9216a3d9df986d352a5594f62547990fc0880e6e43
SHA3-384 hash: 42ea822da6954410f0fea1e6918b4389bdc5511b47b969036c5c03471a41a831000a1ffc2082783868415fc6ffe34e1d
SHA1 hash: 624c15f9064e8bf70c51d911590c7b407cd366d9
MD5 hash: 17322dfa70443b446fafe45e1988991e
humanhash: xray-beer-wisconsin-robert
File name:order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 12:05:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9f237056dcdb7c732df6f502355fa7aa (1 x GuLoader)
ssdeep 1536:L5ysFY6TjMHvGpVrlSZpbUl0goKKKY8osyD:4xuQHv+VlSZpwln5YpD
Threatray 5'127 similar samples on MalwareBazaar
TLSH 72739E036805C692F09183B16D938B8623275D285A025ED77AD95FEFFC34AC36DD532D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Jaeho Lee <ydchoi1@naver.com>
Subject: DOOYOUN CORPORATION Emergency Production Request
Attachment: DOOYOUN CORPORATION Emergency Production Request-pdf.img (contains "order.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6993/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.28602.22245.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 05:29:09 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n63x6asscd3ov7wwdkjbni6z36mg2njkkwkpmjkhteh4bcaonzbq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
netwirerc
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
3707f19a40b8b5196bf6bf35dab58bd6e0b586533f47ee4f803f9f991ec5a77a
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'117 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n31v1qazna/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 51487c019cfae8a5221a2607242105521b33563c8f35cc61211926bb5600f8b1

GuLoader

Executable exe 6fb77f025210f6eafed61a9216a3d9df986d352a5594f62547990fc0880e6e43

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 2b830c9623b8a41ca30b1b66259e8a4a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6993/
  
Dropped by
SHA256 51487c019cfae8a5221a2607242105521b33563c8f35cc61211926bb5600f8b1

Comments