MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028
SHA3-384 hash: c56044c9a813b38bf7779150a0a418e392b9f8ef939806ed161a31cdc674c875e18ac2d3969b4858f680f19eac121fb8
SHA1 hash: 66587c45ad8a39ba15c466ffa939e1ea695c4737
MD5 hash: f6bafbd6c391df8d2ebcc0b34817b0bf
humanhash: winner-california-india-emma
File name:Tildesheil8.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:20:21 UTC
Last seen:2020-06-08 10:22:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f210cc1805578f55abc6b9599230ac95 (1 x GuLoader)
ssdeep 1536:eysFY6TjMP1lV3J0goKKzogI8NdFBiBT:zxuQdlV5n1gI8NdFBip
Threatray 1'081 similar samples on MalwareBazaar
TLSH AD739F13EC18D552F0808A756DA24B9A26776D245D426EA73B497EEFFC702C22CE131F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm82.hanmail.net
Sending IP: 211.231.106.157
From: 화진인쇄산업 <uniprint@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: file.lzh (contains "Tildesheil8.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21175&authkey=AHjVAhLb3L8b4LQ

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6965/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.4961.23158.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:22:06 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ah4og5axtcmy5g6qvcdqvw5cbgax5ku562quvntyoxucskrqyaua._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
60ccdec92b23413b1b5391cb9923931e5b151f0f5877f1f90d730f0fede5f365
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28
GuLoader
c8bdfc9eea22464897b3dae7829464348f27a1ff1989cf33d1de95bc0a99527f
GuLoader
ded1a64ebd165901f2a790ab8d7fd0aa3ae2f97738868d2d1add45e033efe738
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 1'071 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-gcleba8ycs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ddf093f84d296bc186a06f9cd47aff95c128ac148903087b78a346f053812d1b

GuLoader

Executable exe 01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378994/
  
Dropped by
MD5 ccb99212ae6f5d0a240c62283669ca35
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6965/
  
Dropped by
SHA256 ddf093f84d296bc186a06f9cd47aff95c128ac148903087b78a346f053812d1b

Comments