MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8
SHA3-384 hash: 0b0ad50f2049e76c7f4207030dbff96cc3af39054236ae4cd3668708bf846fb540e1c82da13924ba5a9b91bddb0fb50e
SHA1 hash: 3e9f363a3ccfdd76efde647aef38196465ae431c
MD5 hash: 75a330fa7015ca929cd4ab373b84eb5b
humanhash: oxygen-cold-may-lactose
File name:COMANDA DE ACHIZITIE IANUARIE 2021 BUCURESTI.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2021-01-18 18:32:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 612baf1adaf4f4b61b2178a7161188fa (4 x GuLoader)
ssdeep 768:NFArytKjMSIYsaZgp79qlVh62lh+N28ZeFsjs/wiGF9GnzoDY5z+Wc:NFAs+gVmKqlq2lh+48Z7js/wiZn8kBw
TLSH 82639E076E88C873D80A4B3C2E239A9C76132C2CD9765F9FD41254BD9934E215FA931B
Reporter abuse_ch
Tags:exe geo GuLoader ROU


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.devbox12.com
Sending IP: 162.249.2.44
From: Dan Andreea <andreea.dan@tecnet.ro>
Subject: COMANDĂ DE ACHIZIȚIE IANUARIE 2021 BUCUREȘTI
Attachment: COMANDA DE ACHIZITIE IANUARIE 2021 BUCURESTI.gz (contains "COMANDA DE ACHIZITIE IANUARIE 2021 BUCURESTI.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1EJpPIgyAnRofJyYxs2NL68l1f2OIahwX

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
COMANDA DE ACHIZITIE IANUARIE 2021 BUCURESTI.exe
Verdict:
No threats detected
Analysis date:
2021-01-18 18:57:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ed0e539b-b768-43ab-ac2a-5b2545dba2d0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/112667/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/584139
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 10:21:08 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ajhp32u32a4ifed2h5yguev2j2ej5quvkiup4qvmi4sx7eqsvxua._file
Verdict:
suspicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210118-cws4xmqff2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8
MD5 hash:
75a330fa7015ca929cd4ab373b84eb5b
SHA1 hash:
3e9f363a3ccfdd76efde647aef38196465ae431c
Link:
https://www.unpac.me/results/08088726-d765-41a8-9b2c-f822313124c0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 22073e5afdba0cb0bd4e19686fd55f0f73f28cb997631bebc7b6cc717284eae6

GuLoader

Executable exe 024efdea9bd03882907a3f706a12ba4e889ec2955228fe42ac47257f9212ade8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/970674/
  
Dropped by
MD5 542b54f55c4eec62a5e488b6d60743fc
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112667/
  
Dropped by
SHA256 22073e5afdba0cb0bd4e19686fd55f0f73f28cb997631bebc7b6cc717284eae6

Comments