MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 087b8763410cfb653b46fd2772dbaeeceed7feeded3dad21da2a55ce2df06c7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 087b8763410cfb653b46fd2772dbaeeceed7feeded3dad21da2a55ce2df06c7d
SHA3-384 hash: adadf2dbca1fb135bb4221fb5ed6138756de2db2d3d1da768dfdb827d4b3a07d9ef4a4ac5eced3f30e63b4c4fe76818a
SHA1 hash: 555367f05a54b66bcb07bfcd61263e210a8347b3
MD5 hash: 20ca744953d0f6a721b912b425ea9133
humanhash: fillet-four-lamp-oregon
File name:DHL_AWB# 9284730931.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-05-11 20:21:07 UTC
Last seen:2020-05-11 20:47:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0461f340737c71aba22242916387fa19 (1 x GuLoader)
ssdeep 1536:ceXGknBocH6dBYoPU7NgezcdKJj3pAfXTJ:FXnPHSZPU7CY3EX1
Threatray 656 similar samples on MalwareBazaar
TLSH A7C32919B1D0D147C22689F05B619BF846ADFC3466698E03E5C27A2D1B77FC3E22136B
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/3254/
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-09 11:39:25 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bb5yoy2bbt5wko2g7utxfw5o5txnp7xn5u622io2fjk44lpqnr6q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
33b70dd4266c366a2d80bfacb2b1aafdafc74019b0e8a6aa480bd909e73f3a6e
GuLoader
8549ca1816c1f9745ca7e17daa3ff79633b38dbf71f0833056c7610a5b58fdb8
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
a712b0582519003b5c9bb7a971bf030d4fd1331bc0307c2e663138897aea90c1
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
d04823631a46ff51b8048d46e20df15be2d51a3cab1e98076bac20eda76b3385
GuLoader
d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 646 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-48ehdzfgej/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/3254/
Cape
Cape
https://www.capesandbox.com/analysis/3253/
Cape
Cape
https://www.capesandbox.com/analysis/3224/
Cape
Cape
https://www.capesandbox.com/analysis/3223/
Cape
Cape
https://www.capesandbox.com/analysis/3218/
Cape
Cape
https://www.capesandbox.com/analysis/3217/

Comments