MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e78024e5a271686a09ed988baa347a537c0cf49abb6966f434f4d350d06d9115. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e78024e5a271686a09ed988baa347a537c0cf49abb6966f434f4d350d06d9115
SHA3-384 hash: ea754ce620fdae88c4620644ffff9e3e399ccefcbe9cc9993271a472461a4b7f20a11f20e14d6b1677d8ab873466924e
SHA1 hash: eccccb0dd06ed55c7a521df613bdb71107be1262
MD5 hash: dc032fe18afb30cdebebdc31c986408d
humanhash: lemon-equal-hot-lion
File name:prevod_2005220k8YIBRr.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:23:39 UTC
Last seen:2020-05-26 08:15:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eeff9cf1538a7f3803d81906ef16d965 (1 x GuLoader)
ssdeep 1536:0TtBiSpfp6ZaRIX4pvrBkz4L31RsOXJCI/v:oBZgZqJQkcW
Threatray 460 similar samples on MalwareBazaar
TLSH B2B3D653B8D99DE2DC350BB20C7156A40D36BC252D700F07329DBB5E6E7A2D669F032A
Reporter abuse_ch
Tags:exe geo GuLoader SVK


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.avrasyarulman.com
Sending IP: 185.239.237.91
From: nonstopbanking@vub.sk <nonstopbanking@vub.sk>
Subject: Potvrdenie o zadaní prevodu
Attachment: prevod_2005220k8YIBRr.pdf.img (contains "prevod_2005220k8YIBRr.exe")

GuLoader payload URL:
http://185.205.209.166/wext/n-bin_GuMUo43.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5606/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33903955.3079.22598.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 16:44:10 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e11032c40b88ae18b88c56392c3e7468971f9c0d19a422c1d626bed2133219e
GuLoader
2b1ce8b7b958de2d36f9a47285647550b4dc5abe03b1fcca176237f3bb794faf
GuLoader
5db7e6a9bc7b775eb44e02266ff814ef0cd77dab54afd5fb3398ae56a5e92917
GuLoader
63b3643da0804ac1ddc37ae59c80175a0c22d17ee37e7a0c5cfd3a4d20b7c926
GuLoader
86a315be4e708db92a2991b39cadb2074228c327640a26e019325294eeb1bc3a
GuLoader
b16a20057b577660cec3a602bcfda96f40152aee86d0978babc68b7ca4391942
GuLoader
bc509742fbacb00e1217a18d6b4f1229580f599e947733b4fb1cd047b1eebdf0
GuLoader
c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f
GuLoader
dd8aa999de8ca5f2d08a477f11449bccd20e82867a4fe128c1f01ae8e74c35d4
GuLoader
f8792f04b54ac0d65d9eac7f225bacf9e164ac80409d8f4a4b96e561ab4b0069
GuLoader
+ 450 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j4j89g9tga/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ab1fe9d087acfb65960bb55c715912a6cf8fc41c89f87f660b1e856429729083

GuLoader

Executable exe e78024e5a271686a09ed988baa347a537c0cf49abb6966f434f4d350d06d9115

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368640/
  
Dropped by
MD5 ed4b21b9418a8da4a5254e8de0729bf5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ab1fe9d087acfb65960bb55c715912a6cf8fc41c89f87f660b1e856429729083
Cape
Cape
https://www.capesandbox.com/analysis/5606/

Comments