MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9ab5be38ab7174e733c55d730b50c0e046dafbca139255af8791800a80cd32e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9ab5be38ab7174e733c55d730b50c0e046dafbca139255af8791800a80cd32e
SHA3-384 hash: 63a9f5eefbc46ad55faa8ea508c9b82a48ade47b464a4861b7649795a7191047194a3210bb603269e648ea5b941e1910
SHA1 hash: 29e74652d9f22a26739f1db2d57f2b5f7703a2be
MD5 hash: 847ebd813c7d0688342c79fc8395f8f5
humanhash: sad-florida-nitrogen-saturn
File name:WJ3PO20200527.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:15:18 UTC
Last seen:2020-05-27 17:50:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ae60e3a673a36957b005b760e011cf88 (1 x GuLoader)
ssdeep 1536:swB/kOpPWSGRi246ib19jkuH33QzipmvHIsW:pB/9Ps73odHnQjvov
Threatray 268 similar samples on MalwareBazaar
TLSH B0B3E65B72D0EC72DC358F72187195782D36EE3839016B07B581B76E3C725DA28E1B2A
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm44.hanmail.net
Sending IP: 203.133.180.232
From: 무소의 뿔처럼 <mj2919@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: file.xls.img (contains "WJ3PO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1cBAwAGwis_WSHsWgU-xx-UBisxwt2yB5

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5743/
Detection(s):
SecuriteInfo.com.Variant.Ursu.879400.18450.20361.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 17:37:05 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2
GuLoader
0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035
GuLoader
1d36ad7531393b119ef8e73253874e7af0f22f20a8072797d6ff243e7bb66bb8
GuLoader
25d19c2c3cb08b7634e2bc8ec87f05765bca558e74899c9e71e576d23cd70266
GuLoader
431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0
GuLoader
5a5b328942673d86edf79078433db7e953cb5665087b33f1be3b463fb775ddf1
GuLoader
8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be
GuLoader
a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e6424f9012e6a4baa96bb4fff1ba8a3a85f0b2565218e848f30492eedc7fda51
GuLoader
+ 258 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fs1v9dc5c2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 510fcb054b0a6141df87d6c3b7512ca669596a1ecbf47df11605b331f1f17324

GuLoader

Executable exe c9ab5be38ab7174e733c55d730b50c0e046dafbca139255af8791800a80cd32e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369930/
  
Dropped by
MD5 0dfd24e53af8021c269c6c5331ffe120
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 510fcb054b0a6141df87d6c3b7512ca669596a1ecbf47df11605b331f1f17324
Cape
Cape
https://www.capesandbox.com/analysis/5743/

Comments