MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d19cf303057d3c356982205081cf799fb3c1bd5b2e5fa4d471540dcc792d96f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d19cf303057d3c356982205081cf799fb3c1bd5b2e5fa4d471540dcc792d96f6
SHA3-384 hash: c4b0031fdba46f4456a27ee579edb737b85f4c1f9f1558e1ee3447b4f6adfcef064e9a2c639a135d97c6cc071c1153b6
SHA1 hash: b84609caae9f1ef04e1f269a227d97fe1d5c39bb
MD5 hash: 0147e552ee96dcef3346649c4b7b0742
humanhash: social-diet-muppet-spaghetti
File name:PO-096870-Order-Sample&Specifications.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 11:20:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91a0be46ebca5f8aef3884525052fe41 (1 x GuLoader)
ssdeep 768:Ru5PfBSlVLLndY+5eNYGqM4MzUnJpjilZeiHtn0nE9vlgfdE2:o5PJkhndY+8tqMG5iHp0nE6
Threatray 152 similar samples on MalwareBazaar
TLSH 08B3E80A79C8FCFADC369FB058B8D5600D26ED345C119F873808BB9D29B659F25E031A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: sacorp22 <sacorp22@hanmail.net>
Subject: ITS (UK) Ltd: PO-096870-Order-Sample&Specifications
Attachment: PO-096870-Order-SampleSpecifications.img (contains "PO-096870-Order-Sample&Specifications.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kVi8Wt8a8bx0r0Nv_LSeCQt4ecTdkbEW

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4970/
Detection(s):
Win.Dropper.Fareitvb-7900525-0
Create hunting rule

Win.Malware.Guloader-7900546-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ae738edd2fc130800042a864210df0111d64cd29953198c644035e9d2679acf
GuLoader
11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef
GuLoader
437c65b9b088d283a4f8de7395eb28a90b69462c81de7d287ff0f55ea85da219
GuLoader
4675be33b1b3f4b1a348a86088a709b907841e6a6daaa37793c0ed994d40f5ae
GuLoader
74cfeab3123defd40a4efa419fcc77b17178c27b3b70b97972939f7a8d899957
GuLoader
7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
a7cfec855ead8a33902aab33c3c217fbc6fe9fb372c4c8d0c1aec4b493736bf5
GuLoader
ae7bde3f10afd88b0682c566951715a9d12b6ddee53f4713c1f4a3f6a7391244
GuLoader
ba7bdbafafbe370874a0a1a53e71176f76944663d6a113d5f7a673301c2c22d8
GuLoader
+ 142 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ek8jema6qj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img cc0109f0468f8444d020965fcd2b6dad34fabf5e6b82f7fd45061fadee1e8539

GuLoader

Executable exe d19cf303057d3c356982205081cf799fb3c1bd5b2e5fa4d471540dcc792d96f6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368801/
  
Dropped by
MD5 c8516e56faa06d0a47eac8456e890ac1
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cc0109f0468f8444d020965fcd2b6dad34fabf5e6b82f7fd45061fadee1e8539
Cape
Cape
https://www.capesandbox.com/analysis/4970/

Comments