MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17653f0b95df006bc5833a71a7cedaf0210ab2dd9c913104576b4823c8f7cdfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17653f0b95df006bc5833a71a7cedaf0210ab2dd9c913104576b4823c8f7cdfd
SHA3-384 hash: 201e6f00fd60831e6b6f844a2e9b5cffa248876b31dc2ac9e9ddad1c3c962b55c163cce808a564675e139337a1494e3a
SHA1 hash: b2f420a630dd67d1fc2af273f542923d60c4bc76
MD5 hash: 17cb70c65f3d9ecd45b94443085db16a
humanhash: island-foxtrot-london-hamper
File name:Doc726372837293 pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-06-05 19:34:30 UTC
Last seen:2020-06-06 14:19:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 11c3e91a522e70cdc8f29c74f1bc8b13 (1 x GuLoader)
ssdeep 1536:BGKDrdLtwBn1+HZShg2Y/wDwvUMiznTPzih2mbr0XYd:BnrdhYgyE7iznTL3oh
Threatray 868 similar samples on MalwareBazaar
TLSH 0D9319136C29DD25C0A52EF17C67A84A27066C14BF501E6F2294EFBDF6705E23C6A70B
Reporter abuse_ch
Tags:exe GuLoader HSBC


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.bengiamein.gq
Sending IP: 64.190.95.156
From: HSBC Advising Service <admin@bengiamein.gq>
Reply-To: kimhilary164ever@gmail.com
Subject: Ref: [GB987338373] / Priority payment / Customer Ref:[6928373D00117]
Attachment: Doc726372837293 pdf.iso (contains "Doc726372837293 pdf.exe")

GuLoader payload URL:
http://immigratsiya.info/bin_DJIkWD59.bin

Intelligence

File Origin
# of uploads :
4
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6811/
Detection(s):
SecuriteInfo.com.CLOUD.26344.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 19:36:01 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c5st6c4v34agxrmdhjy2ptw26aqqvmw5tsitcbcxnnechshxzx6q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ad4f6db3a7a39ce0c3df5c2424f572c6a24645cd6c40e4446843dba3e646a12
GuLoader
7a31d09cfe9943fd971a89ab3e411ba085d3cb57bf27b0a8d1a591e4be6f9102
GuLoader
b571436ef8d4284f5dabee122973c8710965a31de19f80f7a8a62cb8cea8f1d6
GuLoader
b5bd9240b7a811177610996661c9fc7b8e9e3b5e0eb6668c7f6cc17b1185f625
GuLoader
b8c463fc8f8137444b55e4cc24564f539bfe17956a7dde1e4cef2a1d3b9a2856
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
d5fdf6585b3afb5b8b4692779e722f9e36a9cb63611713eade2ab1063ed0bab6
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
f8dec47c69d225551ae101236be38ea50944b01e14f64a8e5d4758c8e20ec6bb
GuLoader
+ 858 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j3vwgwekme/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso bb1346d4ccf83bd8aad753c60c74d2563354a369f35d0fc0945025b614917a43

GuLoader

Executable exe 17653f0b95df006bc5833a71a7cedaf0210ab2dd9c913104576b4823c8f7cdfd

(this sample)

  
Dropped by
MD5 829d4e7444d497594a8d91fb8fee52ab
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bb1346d4ccf83bd8aad753c60c74d2563354a369f35d0fc0945025b614917a43
Cape
Cape
https://www.capesandbox.com/analysis/6811/

Comments