MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7
SHA3-384 hash: 815c0fac494beffa9bd357968cdc439a72aa9a4fcd50b1267c4b8cd37910e864d18d8a23ee1f2e73c65203b154f440b8
SHA1 hash: 0b14748d4be3d3c493224358e435b210c6c1961f
MD5 hash: 9cd087a96eb76c17a5630e9efabbd158
humanhash: michigan-juliet-mexico-connecticut
File name:DISCOVERABL.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 18:26:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 43884e58ec1552f0a21140dfed694513 (1 x GuLoader)
ssdeep 1536:DfWr2ERR9pehwquQAbkqiPWFJjHDOB8oq1QDSmpUO22SMcaXHoI:gt1TiPajHDOLqSDrD28NoI
Threatray 138 similar samples on MalwareBazaar
TLSH 39B3F6967ED0CC71FC724BF60F32C9691C36AD21AD019F077545BB2E2A3A68A38E1355
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "Zamek-Meinhardt " <seafood1@zamek-meinhardt.de>
Subject: New order / 2 trucks smoked trout
Attachment: QPO53804R.RAR (contains "DISCOVERABL.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uGIRxU1Rh8xwS-O5w0Sq1ILPMWoUkKja

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5770/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:07:36 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
13e764a18e1a85dc72ef910f952c660d580da976412e36efedca52e65b5790f4
GuLoader
1743a5e236fbc214c0199172ba07c57b9e171e9865603f9a6b114dfb9ce5c17c
GuLoader
3f0127ee22232724e7bedc05751de652d3e13a9f017ef69e2097f49fcc17b4c2
GuLoader
3f494d2d90c284f08aedea05b57a4eff483d51efe3a7b5cf9ad26c13f2d7e546
GuLoader
739d40c80783a52ae341907b2996cac8a4a51189c176d9e3270a74c3e9d7779b
GuLoader
879e7676629e99b237cfb7781fbeea4442ed20c4c72f1e0a64aa596365c53d40
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
afa6acb992c2a3a3ee436a4627f8f5e0feed8e6a77dfa4ed6715069f12aef650
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ceaa099f2a2de97a363ef5f7cd4e42fc5f362113a470db75d69848e24a52b14c
GuLoader
+ 128 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ettxeh6vta/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 979734bcfa4e7f8856c7ac9e3e7e091297f41db1b8a8d5dd2b30230fc1d775b5

GuLoader

Executable exe 7a48dec0d80b9fe91920f32ae466525c89452544b3fbf499bf10401ab4119be7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369175/
  
Dropped by
MD5 d666b1c059ed5083badcc0713da245e5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 979734bcfa4e7f8856c7ac9e3e7e091297f41db1b8a8d5dd2b30230fc1d775b5
Cape
Cape
https://www.capesandbox.com/analysis/5770/

Comments