MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 099c253dccb7901837a2c6831f902fce96b29e8f801a483a0e2dca2bafd75947. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 099c253dccb7901837a2c6831f902fce96b29e8f801a483a0e2dca2bafd75947
SHA3-384 hash: 76b9a938caf23de396a8e9de36c87331e2950dc86128721fa4abc9cddbf24ea36ac2db2223019cc7dc20612d7b95e423
SHA1 hash: f18a5df73516a6a38b34826d201b7beb117e7e6f
MD5 hash: 66cff1d9238dd61e6a5fca4e8b916a7a
humanhash: low-sad-texas-one
File name:incon.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-09-04 13:26:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 450ef1487b146680a0993621676b8401 (2 x GuLoader)
ssdeep 768:Ku2qFnHFHUz2MBRplz9ErgYNJYkFMyQhP7VYx8jQpl8l6tN7PsUrhsL4:v2qszbrz93BkFMnhPA7vEUN
TLSH 8E73D717DFC9E533D1AF6AF207238658C2E51F351C709A0F7240561F9BBA68E872172A
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
233
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/56048/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/099c253dccb7901837a2c6831f902fce96b29e8f801a483a0e2dca2bafd75947/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-09-04 02:19:49 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bgockpomw6ibqn5cy2br7ebpz2llfhupqaneqoqofxfcxl6xlfdq._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/200904-9ke7te56jj/
Behaviour
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/099c253dccb7901837a2c6831f902fce96b29e8f801a483a0e2dca2bafd75947

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/56048/

Comments