MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
SHA3-384 hash: 1ed0c8bbff6177e332f69ac06bb464bdd231933b059dad4297838f91b5f3510d7d1c6137016142e4d05b07d0973e7c42
SHA1 hash: 90c55e9d7e098bd0f51aff9bca27a2ff64229be7
MD5 hash: b78d3f84d653a467b1196bacdcac7ad9
humanhash: arkansas-autumn-equal-grey
File name:P.O. No.BEPL20-21.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-11 06:32:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c2834dfcad608f499017c8d3dd7c3317 (1 x GuLoader)
ssdeep 768:bCE/fEfq4d4DdewxnrN1Bsmmuqe9vse091X+0bbWNzRAUch/cDaf5m6r:bf94d4xRxnB1Bsmoelse07rbyShEDAr
Threatray 1'021 similar samples on MalwareBazaar
TLSH 03535B1B2E0CD5A3F1340BB018B296A41662AC284D01AF577F8C7F5ED931AC2B9E761D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://onedrive.live.com/download?cid=11A4726A173FF7B3&resid=11A4726A173FF7B3%21362&authkey=AEN9-adFys9sqRE

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7766/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 06:34:09 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ecihbgiwuqop5gxb5py72tq5ye4ahyol56wgw6lkpeyrznnjlyvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0cf9ce17aeee086bf3085133f76a2ec2856900ac84a5dc017bbd0f4d46bbb40f
GuLoader
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
2d49b1fe3da354221f225b3d9f99647f41c82eb2248acec1d79ddf62422f6f43
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
799d1f1babff3cbb4d32af69d12948ff5de47016063eea48756323516ed96337
GuLoader
7dc9d4200ada4d75e50d7c4ed86eef952334e4bb69da0464122682e7aff8d971
GuLoader
8e3d70a09d8caed96a9c8dcfca66a543bfac820b329b32ab9df02583fdaf4332
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d213c80671d27596824def5ecb513b07e2118bd110e1230ed68aa4daab49bcc6
GuLoader
+ 1'011 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-la7k5jw5y6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/386461/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7766/

Comments