MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfc1cfcb5119cb196b34e5905578d55e2afd871f2b93f820637e6386168892c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfc1cfcb5119cb196b34e5905578d55e2afd871f2b93f820637e6386168892c5
SHA3-384 hash: e6a94295ca8ae83606697cc6a6ff7e8040c15f55819e5cbf56899c03f69e6a2fb08c357acc56cadceb7897a468930df0
SHA1 hash: 0a976bb8bb2103dc41b9c00f6db1eb05699a9474
MD5 hash: ad147777ba9a06e859227fdb0f0c46b1
humanhash: mockingbird-mirror-dakota-delaware
File name:WJ120200602.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:21:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b58d93aeea1b7179c26a88a8ee96dbfd (1 x GuLoader)
ssdeep 1536:7QFO8lLQ8b3BBsb8yx0liLzwKQw5az/gki6nulN0Cz4:TCR+b6lEzwP6Lvz4
Threatray 5'303 similar samples on MalwareBazaar
TLSH D8930843BAD45501F2B28B712EBB82A96F15FC2949429A0F344D6D4B7B317629C6C32F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 한석 이엔지 <yongtae21@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: WJ220200602.cab (contains "WJ120200602.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/wj1_KJhrVPL18.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6109/
Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 09:59:00 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7a47s2rdhfrs2zu4wifk6gvlyvp3by7foj7qiddpzrymfuislcq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08fd08ac92e87f077dfa77ab5cbe48dccb7ffc87cd338a6451b884d42fa6306b
GuLoader
28ebdc57f4de0a5f04d5ac0c8f17996d257df911de9900c3e6db1f1e213383b7
GuLoader
2a093b2213d7d589020d69e76fdfd33b441ed125664cb3247d25e9103744011c
GuLoader
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
GuLoader
56469fde7730da15f61f83e5aa2370cbe0adabc5d7487bf471fa16ee952d9237
GuLoader
590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23
GuLoader
9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
GuLoader
c7544c2d4180660fc3a96f3b66b5caa0e168dcfbb35a870f1c576a152ed62348
GuLoader
d9ea7ed19010ef0c36ebd05d5abfd5624e21a33ad5e18ca36007671d86eba8b3
GuLoader
f69e7749b6798b4c4f258eebbedc77992536cc24bef9d1bf3d68315ad16abcf0
GuLoader
+ 5'293 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3p8js47842/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 54455c818b31abd8e0bab5ac7001a2882ef478388b84bfe4c0f13a2c118815d5

GuLoader

Executable exe cfc1cfcb5119cb196b34e5905578d55e2afd871f2b93f820637e6386168892c5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374158/
  
Dropped by
MD5 f1229df02176899f2b03b552dcc336e0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 54455c818b31abd8e0bab5ac7001a2882ef478388b84bfe4c0f13a2c118815d5
Cape
Cape
https://www.capesandbox.com/analysis/6109/

Comments