MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0df2abd8f3c06aeb38649e78d5771ebc42fc7ff3365673a1234f4c907ae877f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0df2abd8f3c06aeb38649e78d5771ebc42fc7ff3365673a1234f4c907ae877f1
SHA3-384 hash: f6a8a0e958c27fed77d2962741e463b1db0d01eb6ad14644066dcd57bb4386249923010639185815f4d7be216a63bf24
SHA1 hash: 3cfdc7f908dfbd52c260573cce960730c28f31ff
MD5 hash: c8422445c1e562b43ff42c336a5411dc
humanhash: emma-robert-magnesium-one
File name:c8422445c1e562b43ff42c336a5411dc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:28:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2070d1808790fb5e6076a3ea90c6a3b7 (1 x GuLoader)
ssdeep 1536:MBlSPfxV40vBH5vHHmznkgrKHxLdGKc+o0FDHdZ1gIQV17bT1X4pyO:MaPXvB1HHmzXKVdhjFD9zkCpy
Threatray 992 similar samples on MalwareBazaar
TLSH D4B38C03EC4D8553E45487BC3D178EB93A0DA90D09405FEFB13AADDBAE316922CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/n_WrqYItPYE2.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6319/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:21:03 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxzkxwhtybvowodetz4nk5y6xrbpy77tgzlhhijdj5gja6xio7yq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0494c6b3493335509d5fdce6d9592d796e592fee648f42dded58ddc29e3565a1
GuLoader
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
8357fd2e6327d05c86d6e2729b65eafaf756322bc1e7bb7878cf75595c40abe2
GuLoader
8c4a0f5a5739f570edea6dcbb7d5701cc6467ccdf00554a88669aab0f743180e
GuLoader
9dad25bb4c66c85c54da83d5c2ed752ed7c3452863fc4b46bda7cf440fef509b
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 982 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1ypnkxsenj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0df2abd8f3c06aeb38649e78d5771ebc42fc7ff3365673a1234f4c907ae877f1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376174/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6319/

Comments