MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e45056c46daf65e7826480c454e3237df4d5f5d740828df5b5181cfde5eade0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	7e45056c46daf65e7826480c454e3237df4d5f5d740828df5b5181cfde5eade0
SHA3-384 hash:	cb3966b2d098f4a1b0399e5e1fee809b46b5652f36a2bf4762643e750bb6e5fb676adabd351fdb3a5c5c2fa5685dfc91
SHA1 hash:	7f0cc14ae9d94dc5feac9759a29f00b0d5e29403
MD5 hash:	50e9e75ebf7fe204cb3892e5fa00e2fd
humanhash:	iowa-berlin-bulldog-michigan
File name:	kontro-quotation-june-shipment.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-06-02 11:20:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ad7d5aebfa7ece091765efc755e082c1 (1 x GuLoader)
ssdeep	1536:0aFO8lLd7ReSBnB5lFlSLzwK9wR8erbu4+lZHIP:+SBnDlUzwmZI
Threatray	1'050 similar samples on MalwareBazaar
TLSH	6F9307037FD84501F2B14AB06EBB8299AB25FC294D828A4F354D5D4B7B317629D6C32F
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: samahrazor.com
Sending IP: 182.160.101.162
From: nurul.haque@samahrazor.com
Subject: Request for quotation SAMAH RAZOR ORDER JUNE
Attachment: SCAN-QUOTATION-JUNE-SHIPMENT.arj (contains "kontro-quotation-june-shipment.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1lFbIeySyP7eCKO2WK6a_dXOsuHAH5GKo

Intelligence

File Origin

# of uploads :

1

# of downloads :

69

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6099/

Gathering data

Threat name:

Win32.Trojan.Vbkrypt

Status:

Malicious

First seen:

2020-06-02 02:29:00 UTC

AV detection:

18 of 31 (58.06%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pzcqk3cg3l3f46bgjagektrsg7pu2x25oqecrx23kga47xs6vxqa._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

1403d5f33c1379c32f1cb03b1c72d317b81541532647386e7aef8ba51f4c18c6

7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061

859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a

93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345

9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765

acbdc5ee4cfd910a6d94ffee791a5f62631bbf449ee4883bdd3ae6b705b652ee

b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f

b282b41544510e59a40e875239a18b038243be344b1439e19d821eb7622e9230

d213c80671d27596824def5ecb513b07e2118bd110e1230ed68aa4daab49bcc6

ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2

+ 1'040 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-e3hekzn94j/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 1671bb2266525b9cd0451b8c2d2f372652af8c7742a1d1285a96536d68a11ddf

exe 7e45056c46daf65e7826480c454e3237df4d5f5d740828df5b5181cfde5eade0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/374174/

Dropped by

MD5 e8e0f453d25241c744a6c0ba1cbcbc04

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/6099/

Dropped by

SHA256 1671bb2266525b9cd0451b8c2d2f372652af8c7742a1d1285a96536d68a11ddf

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample