MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8792f04b54ac0d65d9eac7f225bacf9e164ac80409d8f4a4b96e561ab4b0069. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8792f04b54ac0d65d9eac7f225bacf9e164ac80409d8f4a4b96e561ab4b0069
SHA3-384 hash: cccf13f419cb2f1ee5cfabfd39e437495fd92c300e46ff003352554425868f2cfca15aa3c25c01a82b9fe284728703ac
SHA1 hash: 22e393f50ddf9d56fe63f1342fe76cb3d7cc9c86
MD5 hash: 7815e0f103c42a5444864ae6885dbfb4
humanhash: fifteen-eighteen-pluto-spaghetti
File name:TOSSEHOVEDERNEPR.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:25:10 UTC
Last seen:2020-05-26 08:15:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 524a1d5e982c64a8af869367a5a8c22e (1 x GuLoader)
ssdeep 1536:peEcpwn3EkfZe+eCCl/sIWF++R40YLz3Bzjfi:cFpw5sDCClUv9Y/3lK
Threatray 855 similar samples on MalwareBazaar
TLSH A0B3E51279C98DB2EE740BB14A79EAE84D3BBC2519114F03748D774D6A362C8B9F0317
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: portalmw.com
Sending IP: 188.165.128.19
From: Administracion <info@fedizseguros.com>
Reply-To: info@fedizseguros.com
Subject: Factura.
Attachment: FRA2000856.zip (contains "TOSSEHOVEDERNEPR.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1pxcExleULb3wQy5Cn5i2mSITXGnl8KZ1

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5611/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCU.14702.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 07:36:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ec3c68f6fa845bcc40ea35365aa204f7e8bdf8010ea20dec2e3ea3f46838e02
GuLoader
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06
GuLoader
40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10
GuLoader
c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
da52dddf3fb5de8859dd962bc96eeb267fc4e723682c3defec35672be1441e5e
GuLoader
+ 845 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7xxysbs642/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip cae5e5e548f68866d8203773e07c4f91d544ddcca1a76e8e0e304a8a0c7d95c1

GuLoader

Executable exe f8792f04b54ac0d65d9eac7f225bacf9e164ac80409d8f4a4b96e561ab4b0069

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368659/
  
Dropped by
MD5 c67c0c393170eec4ec597b7fcc827606
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cae5e5e548f68866d8203773e07c4f91d544ddcca1a76e8e0e304a8a0c7d95c1
Cape
Cape
https://www.capesandbox.com/analysis/5611/

Comments