MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667
SHA3-384 hash: 7c420ce87bc5a1271c8a904592388eb7682964dd73562fa0339a555f89e00f37952150bbaf21948675805a850ff7d7fe
SHA1 hash: 8bbd5f7d74a9d30bd6664af8c16a8e4cc1745440
MD5 hash: 22c9799eddaed72c7a6c2508fdac781c
humanhash: july-vermont-india-early
File name:ARBEJDSPLANLA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:42:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 020326d1991114306e87f7b843027829 (1 x GuLoader)
ssdeep 768:bK0Lu1aL3mNtlrHBOjiY0Dsf+v9ZTHi6JIwIzruForU0r1h6HucPtoJ4:b1LuRtSeYiQI9ZriaImlc1h6HVPqJ
Threatray 5'125 similar samples on MalwareBazaar
TLSH BA73AF077A04D053E0104BB42CD35AB81B177C683942AE8B61ADBF5FE9727566CEA23C
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Susan Xing XU <Xing_XU@raymondvalve.com>
Subject: Urgent Order from Ray Mondvalve Co, .Ltd
Attachment: RFQ No.THP1403 080620_ Valves.pdf.img (contains "ARBEJDSPLANLA.exe")

GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7261/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:44:07 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rcfcxuiyicjv4qf45jglflp6k6jyvshaxqxalri3k5iwpjdj4ztq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
3f9c00f6723ec4cdc7daedf53e900bfbc4c15bb910415c30ab39e4898c8e211c
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
7a8db6a831edc72a1811ed42f3f0ce72ccb93455284b65dbc374a4298eee52f2
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
97e006c5ca29100601289b632e22049f5d8f955c008073fea9791b13cd10849c
GuLoader
c3252ba30dcb997aba042c568bee0ccbca5a818248dae999161a5a26ef7f301f
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
+ 5'115 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2rnvl5xfmn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 12068d70b5c2cac8451a983c1278eb3ebcefdbae5db1ad657ba81e266df56927

GuLoader

Executable exe 888a2bd11840935e40bcea4cb2adfe57938ac8e0bc2e05c51b575167a469e667

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378987/
  
Dropped by
MD5 a4f9a51890c1f5144fb6277a88d2f773
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 12068d70b5c2cac8451a983c1278eb3ebcefdbae5db1ad657ba81e266df56927
Cape
Cape
https://www.capesandbox.com/analysis/7261/

Comments