MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1faaeabc23e415ec50a9fb89feaf02f6571f9c29cc086dd465e464c6f62fab73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1faaeabc23e415ec50a9fb89feaf02f6571f9c29cc086dd465e464c6f62fab73
SHA3-384 hash: df1f3f3534af0d8a476fe739684551800cb1da2a330a36dba9c3834e1aed9ee5d1c0d1ea066b243bdd7a0e88c684ebb9
SHA1 hash: 3e1a57124f89cba43413b3d0ac0a39ef6ab2e240
MD5 hash: 54f56b53e69a3e491de3b6a4d8b0bb51
humanhash: texas-cup-magnesium-carpet
File name:New Order_0610202010256.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-10 17:28:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8656e800c16b2aa935c55d575f4a0802 (1 x GuLoader)
ssdeep 1536:bY94d4xRfZai6d1CvJ7rbSV1WstxWrNOGMO24DEL8bG:C4dmAld8lXSzreG
Threatray 934 similar samples on MalwareBazaar
TLSH 4B735A2FDB18D583E0240B70447245A0A75B7D4B650F5D1BA94D3A2B0A72E13BBE7A3F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: distribucionesduch.acens.net
Sending IP: 176.28.110.186
From: Sandra Martinucci <sandra.martinuccii@moby.it>
Subject: Urgent seafood product need
Attachment: New Order_0610202010256.iso (contains "New Order_0610202010256.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wi6pa5EPCFtC1H_oM0QfzQYbYPYigtE2

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7652/
Detection(s):
SecuriteInfo.com.CLASSIC.30373.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 17:30:15 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d6vovpbd4qk6yufj7oe75lyc6zlr7hbjzqeg3vdf4rsmn5rpvnzq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
3a58b6a2f3d61ce467d8cbd7963b2224adeccfe5dc865eee164b7879f325a460
GuLoader
49f0ff9807e26ef36ac569e35fa391522472272a9af4dbfca04b0057e4d71d99
GuLoader
71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
9d1e282f59429087df1054945ab7d3fb91eb057c9bc1d6d43f062b0a7e25a043
GuLoader
aa7170f4c174314d883e1d0a98a14b8256ab63b7ad80dffd45d0ace33ace4580
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
efbf4adb2b50d1284084841e1d5c1deb99a69d979fced2d2a5675fc666e3b76a
GuLoader
+ 924 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fk9ffwrxk2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso bbc268c28afd1d47a4f7597d28f54af3f2f2d6672c7722881904de42ebf8303d

GuLoader

Executable exe 1faaeabc23e415ec50a9fb89feaf02f6571f9c29cc086dd465e464c6f62fab73

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385859/
  
Dropped by
MD5 8a0c5fc1936700d054a6ec5ae1a91601
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bbc268c28afd1d47a4f7597d28f54af3f2f2d6672c7722881904de42ebf8303d
Cape
Cape
https://www.capesandbox.com/analysis/7652/

Comments