MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df8b72fbc5b86764cdbd998a0cbdbe404f3253f1a51029d5b46a778feb4839a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df8b72fbc5b86764cdbd998a0cbdbe404f3253f1a51029d5b46a778feb4839a1
SHA3-384 hash: 99c14d7c2a81646d4c21c0994fedba8deb8406bd06a52e6284491566f3f3f80bc96ad1da817cd8fe25271c80f2fad771
SHA1 hash: e0a22054513d1a06025b0743fc7e9e73855f4a36
MD5 hash: 770d837c7e7f3d06bea7447361bc62ec
humanhash: oklahoma-connecticut-music-butter
File name:RFQ.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 15:18:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cdf742d672713ff7d0796ae46db5fea1 (1 x GuLoader)
ssdeep 768:vysfNpuRnnPilTjATM3+mQPLqEW0QLHDTmsUAXTkRXQJtEWx4Be3KOGUSzHgBIDh:vysFY6TjMCQz6pHDTmsUAX0goKKrUqh
Threatray 5'100 similar samples on MalwareBazaar
TLSH 7173AE13AC04CA71F04046B16CD7EB6E6B176E285C456EA73A552FAFEC706C26CE431E
Reporter abuse_ch
Tags:exe geo GuLoader TUR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: rizzy.us
Sending IP: 103.133.106.94
From: İSKEN - SUGÖZÜ POWER PLANT <dragonsport@rizzy.us>
Subject: RE: Urgent Request Quotation(New Contact)
Attachment: RFQ-POWER PLANT.IMG (contains "RFQ.exe")

GuLoader payload URL:
http://23.227.201.165/bin_ccEfcWDu31.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7090/
Detection(s):
Win.Downloader.NetWire-8010885-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 13:16:37 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=36fxf66fxbtwjtn5tgfazpn6ibhteu7ruuictvnunj3y722ihgqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
116078d29890c8b0d748b2f2709d2768f7ad9ac04688db1f44189f019f62050f
GuLoader
56b9fd1bd9c1f7466020c1c2fed5d4bbbf1394c711921e91d8dc74fd7c6862a1
GuLoader
7aaba6dcdbb2649a4beeb5e877f26e4ff90aa1c59cb289620dc0098ec88cc663
GuLoader
7f7f93ae7c3ce6bd7d154c2e2188bd39c7d511df8fc890e46085afc34acdba2b
GuLoader
8347dcd8992d73ce59c612f2c59381d084fb88fbf2d30f167e95c8ddd4818dad
GuLoader
89c61ae874590337a9538aeae605e8350af374e4c442a46f487f44b11d532915
GuLoader
a58e85fa61d98c70d0f6bf421b73cf73709f36e77578fd52fc05cc85b4dd5419
GuLoader
d338523f3836e958ad511ae3cca005a255a43bcc684174bf5928246fd477f2cc
GuLoader
dfa8fa537be02efde6add76862693fb2f099e3339798cc1d05a2feff5409ab86
GuLoader
f68b09a8adc07e084eda2fa581e9111716bb34bcba0565da70bda46860ce7c64
GuLoader
+ 5'090 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-wtdzgm79q2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 31e0139edda9525475892f80310f134fa9af7e54a0e84253e45f4c7e7afdde22

GuLoader

Executable exe df8b72fbc5b86764cdbd998a0cbdbe404f3253f1a51029d5b46a778feb4839a1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383080/
  
Dropped by
MD5 8edb30878cac02e61afd4d2a6d022e7d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 31e0139edda9525475892f80310f134fa9af7e54a0e84253e45f4c7e7afdde22
Cape
Cape
https://www.capesandbox.com/analysis/7090/

Comments