MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71
SHA3-384 hash: b870b3817a32c0893ef93c29ab92128ac01c0646126788c4c0f7ef84e5d060ca083c5086f70bbee0124d9400204f7f20
SHA1 hash: 40e2c7af30121ece6404a5e9eac1f2d61868db69
MD5 hash: f7a5672524f45d5967521c7e88390db0
humanhash: bulldog-sierra-september-bacon
File name:ORDER-RFQ-785577_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-08-05 12:07:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash be5cb6f0dd1d4e8bce4a3292e7a682c5 (1 x GuLoader)
ssdeep 768:ZTzx/UVyix5fewYHqWxfYE452QQn4P80sQeKT:Z3xUmwfWxfxmjl7eK
Threatray 1'042 similar samples on MalwareBazaar
TLSH 01833911A084E532F355C3B90F3566FB157EBC705806AF07714A3F2E2E36E1AA9A1327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: servidor.partteam.pt
Sending IP: 91.198.47.76
From: geral@merchandisemania.com.pt
Subject: RE:ORDER-RFQ-785577
Attachment: ORDER-RFQ-785577_pdf.zip (contains "ORDER-RFQ-785577_pdf.exe")

GuLoader payload URL:
http://smarting.rs/wp-content/alby_mPcwiI58.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/39536/
Detection(s):
SecuriteInfo.com.Fareit-FXXF7A5672524F4.949.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/411147
Signature
Initial sample is a PE file and has a suspicious name
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 12:08:06 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vohiosqqcdlsj2aarndkeyx53xgyqr6fxvpehjrkxzxerlrsj5yq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947
GuLoader
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da
GuLoader
c3b88b1d9c86a4f7cb1ae7c8b91d44d67c9c9e66ea51504c3204eb575a668fea
GuLoader
c8ea056cb229cc17d43217a6aba42320468cfaea55d6f9846b5f402bab6b06d0
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
+ 1'032 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200805-aadffcm8js/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip af2fe994a36b45e788a64bb7048858e988f918cd61908afc9503a4599755cd00

GuLoader

Executable exe ab8e874a1010d724e8008b46a262fdddcd8847c5bd5e43a62abe6e48ae324f71

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/424660/
  
Dropped by
MD5 b52266e8eff568d5d913c94626ec313b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/39536/
  
Dropped by
SHA256 af2fe994a36b45e788a64bb7048858e988f918cd61908afc9503a4599755cd00

Comments