MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0354582d5557f593b20af48e24ce4b8fdb86f0a3d02d0e02ae752e95d141e977. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	0354582d5557f593b20af48e24ce4b8fdb86f0a3d02d0e02ae752e95d141e977
SHA3-384 hash:	a23ff9bc64a68857e9579dd56a49eb69542164c1343410ef2a70d255f756adfa933019f87ef4c6a8ff4f2d5d1b3ebcca
SHA1 hash:	d69d19e9c9e78ae4dcac42cb0354aa83afac4364
MD5 hash:	c3c050dee62bf00b8f6acb027b6226e4
humanhash:	fish-vermont-zulu-jupiter
File name:	BOE-4596-COVID19-3943.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-06-08 09:20:02 UTC
Last seen:	2020-06-08 10:22:26 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	970d9013092b4275454c6ab78a641141 (1 x GuLoader)
ssdeep	1536:RQysFY6TjMh/suV0yif+cp0goKK/i9Hjs9:jxuQhBiyiFn/Q
Threatray	1'067 similar samples on MalwareBazaar
TLSH	81739E036804D951F060C371ADD3CBCA66565D1C9D02EE9B7AE56EAFFC706C29CA123D
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: psm91.troy
Sending IP: 2.56.8.190
From: Rosa Caudevilla <facturacion@tesslibrenta.com>
Subject: Fwd: Presupuesto 20182
Attachment: BOE-4596-COVID19-3943.LHA (contains "BOE-4596-COVID19-3943.exe")

GuLoader payload URL:
https://rebrand.ly/ws5cd0s

Intelligence

File Origin

# of uploads :

2

# of downloads :

89

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6961/

Detection(s):

SecuriteInfo.com.Variant.Razy.681950.11306.8633.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-08 09:21:04 UTC

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ankfqlkvk72zhmqk6shcjtslr7nyn4fd2awq4avoouxjlukb5f3q._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

95b7bbca4d924be150fb6858b8546d3386d44a8a589a7a60ab1a0961718ee84d

98cbe4d5b07975cd7f0b7a23296b918264585dce46b2c1844a9f52640c03d2a6

b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f

c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5

cffb28f48a39b040f06f0563eaaac0a99f06accf37cc5da95383805c17c583c3

dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d

de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42

e16c2f6e8bad564692abd575007f18e17013e423d7cfe8882872d021ef3439f2

efbf4adb2b50d1284084841e1d5c1deb99a69d979fced2d2a5675fc666e3b76a

f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca

+ 1'057 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-6z987hfgte/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 6db8d489a417844f198aa45d52e632e44bb23ad37e4ecdbf54b39f00a86b8a56

exe 0354582d5557f593b20af48e24ce4b8fdb86f0a3d02d0e02ae752e95d141e977

(this sample)

Dropped by

MD5 810f7f4f8eb193f42833b2734f0301f7

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 6db8d489a417844f198aa45d52e632e44bb23ad37e4ecdbf54b39f00a86b8a56

Cape

Cape

https://www.capesandbox.com/analysis/6961/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample