MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150399bdd91521ff244c8c83aa0ebede3560304bcd38a0fd21a189fa34b605da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 150399bdd91521ff244c8c83aa0ebede3560304bcd38a0fd21a189fa34b605da
SHA3-384 hash: 28ec0d41f0fc65cafd2880611025873dc38793efccfcba9954fc35fdf5e04d06a28c4e3921511c4d4a04bf556d84a15f
SHA1 hash: eba9843dc1e63ba951e6658f8f615ed3e996a673
MD5 hash: 4bb5354474f1f978ab2784073dc9974c
humanhash: cardinal-oklahoma-massachusetts-pennsylvania
File name:Facturas Pagadas al Vencimiento.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-05 13:38:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d33e88bf2cc243b45244f02e5cffc64e (1 x GuLoader)
ssdeep 3072:vrdhfv3L+GbE8uZjlWUY1j6ZriFw/e92/WSombAdoYky/C+:v2WqY1jpSombAnky/C
Threatray 849 similar samples on MalwareBazaar
TLSH 26B3831BA959BC2CD1C97EF4BC15A49B17163C14BB44A6BE12D0FBFCB630AA26C11707
Reporter abuse_ch
Tags:BBVA ESP exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cpanel1.ibertrix.com
Sending IP: 178.33.117.62
From: Confirming.bbva@bbva.com
Subject: BBVA-Confirming Facturas Pagadas al Vencimiento
Attachment: Facturas Pagadas al Vencimiento.rar (contains "Facturas Pagadas al Vencimiento.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1j0i-yA9UuDa7w5d9WiY_OEyAov_eA8NI

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6690/
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.ELXE.15053.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:39:04 UTC
AV detection:
20 of 27 (74.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cubztpozcuq76jcmrsb2udv63y2wamclzu4kb7jbuge7unfwaxna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
4320e2bf2bc6115ae79a52777bdd9aef62db691a756640f9c7fa6e8372e46193
GuLoader
4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884
GuLoader
56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652
GuLoader
5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dafcce2c7c8accbf547a0eacc1afaa148a751ce7af9b3d8d41ef476c95c9cdb8
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
+ 839 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sbvjhraz66/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

c0bc1ca8e804c530c77868493c898691

GuLoader

Executable exe 150399bdd91521ff244c8c83aa0ebede3560304bcd38a0fd21a189fa34b605da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382220/
  
Dropped by
MD5 c0bc1ca8e804c530c77868493c898691
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6690/

Comments