MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a
SHA3-384 hash: 3bc618fe142635beaa7899246f3e0f72e88b953c05ace052e5cc78c8dab1bda365b5492ba5a42ccfffd72fddfa0218b4
SHA1 hash: 0090cfaae7251ee8c4f0cfe94bb6906035f8cf05
MD5 hash: b2cfcef5c8200ddda5e1d81852b5bd66
humanhash: mars-fish-eleven-solar
File name:INV20201006PO3748.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-10 12:33:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ec04b5581cf453914f248bcff22fba4 (1 x GuLoader)
ssdeep 1536:bM94d4xRPxZNaburbVMAwQqamIWSESo5wmM:G4d2ZNabuXKlrnW7
Threatray 896 similar samples on MalwareBazaar
TLSH 07736C1FE628D453F1700A3025B24ED59B537E27640F6C0B99492DBE0E72913AAE763F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ecs-yTWXi.localdomain
Sending IP: 147.78.221.105
From: SALES DONIER TECH <jfazari@thebamcogroup.com>
Subject: Re: rev-Order-june covid-19-10-06-20-PO
Attachment: INV20201006PO3748.img (contains "INV20201006PO3748.exe")

GuLoader payload URL:
https://abnormalpresentation.com/kva/modimo_yIYup32.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7534/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.BadFile.lm.1569.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:35:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cuf4qqidugbdgp5hn263yvlwsjaio4dweuw6uhr76omcoiazzzfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2bb3ec5f6e8830a1b8e87a95bcb53406688386e7dd33149bb8117318f28faba9
GuLoader
4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc
GuLoader
554da92aa0dff594ff82094b0a8e8125419723e8899c670f7b8d74daf0580880
GuLoader
5f0c0c43a813132bc787e581c5456b0bbd3f4bb1947691b9636eec6236861f5c
GuLoader
6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
GuLoader
71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
a9abad7f4aace35de5651f437a83f47787606345d04ea63426db6a7a9b02ba5e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b22c89b7538e1da6bdeadb5eab3df9ab4c76de044017db8045d7bb76049945f9
GuLoader
+ 886 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mht8enqv6n/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d80d7d40e1e1a1c34652b10f2c3c55ac273f6d8b13833dbfa9ca87c0a2b7e95c

GuLoader

Executable exe 150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a

(this sample)

  
Dropped by
MD5 0d6e62bff98ab3d32889845e43a0eaaf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d80d7d40e1e1a1c34652b10f2c3c55ac273f6d8b13833dbfa9ca87c0a2b7e95c
Cape
Cape
https://www.capesandbox.com/analysis/7534/

Comments