MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a937b882d7884c7b1c92377d8a708cb5e65377c1bc6d6aa923e7183c89da91dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a937b882d7884c7b1c92377d8a708cb5e65377c1bc6d6aa923e7183c89da91dc
SHA3-384 hash: b3f6c53f947c5b53e99d5b1bb1bc44d4cd51244d3201e68618164f91c764f5ce4ef5cd06b46dddfa772919bef93d8e3b
SHA1 hash: 49a9070713b377e421a555a02114dd96f9fe5a9a
MD5 hash: 35ff9c7bbb9a97221549a4aed9609011
humanhash: social-april-bakerloo-zebra
File name:35ff9c7bbb9a97221549a4aed9609011.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:192'512 bytes
First seen:2020-05-28 07:06:34 UTC
Last seen:2020-05-28 08:22:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b8af8ba3b6607c7929b2e7c390265c16 (1 x GuLoader)
ssdeep 1536:iEgNB2S25117OJqR0qy+v143Lgu0cHa5krjvkxTOoF7X8u82BKfc5X:yNBgHNOJqRe+SLIL5KkBH
Threatray 766 similar samples on MalwareBazaar
TLSH 51144C33777ADCA1DA9104B0D8D2D8F41924AC58C51A4D7B72C07F2E36B92879E76B32
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mmLAEcmLP8rdq5soyzukMJZfOLFYVe02

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5799/
Detection(s):
SecuriteInfo.com.Artemis35FF9C7BBB9A.27426.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 00:30:17 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ead90293cac15537e49f3d31cf728f03b045ea64942d667aa28f037ddd2e219
GuLoader
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
3371cb1ea5c1990f19e0141454e418ba8e30d70c140d5f4cd3e797aa80a9bb9c
GuLoader
3923113cb88b309828ba22527a47080b220a90156b9a33a9dea5900dd75d61bd
GuLoader
419a47639428a866b3e912ebcc265930c34fe4d02f6d715b3cddc2c49a415740
GuLoader
4922e318e729ca1e2cc5c41e64259acb1a5319a6f23a8ccf0b6cda66714026e2
GuLoader
74be8ec7f1c7a53246ebfbf34940e271ce2f12fe3d1beb10c5b6d2f03606739b
GuLoader
a183841ad3d2f5ce88d9361676673b77ea0610abac6c5206eba8f12dd8abb8b1
GuLoader
afa6acb992c2a3a3ee436a4627f8f5e0feed8e6a77dfa4ed6715069f12aef650
GuLoader
c57f7a51f3e98a09dcbc9e292f74933e8bc3795a12ccfb13ee6373421d05d8a1
GuLoader
+ 756 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qnbrszclts/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a937b882d7884c7b1c92377d8a708cb5e65377c1bc6d6aa923e7183c89da91dc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370268/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5799/

Comments