MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5
SHA3-384 hash: 61fa6ca0471ad12d5986c68392e5567a21a3c904413889be5cd87760961c229ee503ad6f1e9ed2f617320c60ef544d34
SHA1 hash: 8b1842bc3d19aded000265be25677d992c8265d3
MD5 hash: d6534eea7c99761dd57779ef2ffbd332
humanhash: jig-california-paris-fifteen
File name:Statement Of Account April 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-06-01 08:25:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 663ea523d9c3d1170618cecb7771f19e (1 x GuLoader)
ssdeep 1536:BH3hHL1HRmiKsZShxh+bS+tSQ0ZO8aBmuS88/EzlxZ:jPXhkh+bxccCr2
Threatray 1'305 similar samples on MalwareBazaar
TLSH 07A30853FEA82045F1E34BF61D7589EAB532BC220D029D1F6205BA1F5A75943B9B032F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sweeper-02.cybersmart.co.za
Sending IP: 196.41.127.12
From: Shi Zhengping <payments@grasha.co.za>
Subject: RE: SOA SETTLEMENT - COSCO
Attachment: Statement Of Account April 2020.arj (contains "Statement Of Account April 2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=110Xd5h16e7NSqMRukioJkQYlenh5BDtG

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5500/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 08:36:24 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ectmwuumejwlob3ptpoky5vjikzsv4f2usg7rlvomwxlea4aylkq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7
GuLoader
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
GuLoader
79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8
GuLoader
8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
a465bb38250994671f200d8c66cfc0718354bc8974713ba6f9f3eb15a4acec7d
GuLoader
cb530981e6d92b89bc5346c11b478a5fb329eae8d8bb4609ee00f64747b993ff
GuLoader
d4be4226b685156a19f30ba35099d97c9608c08053992fc0d158b8f6b2bb7712
GuLoader
+ 1'295 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zvy3gt8nkj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj f5b7a1b7581e932467735261215acfa63086f23c0508437bc9b46588ddf28044

GuLoader

Executable exe 20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5

(this sample)

  
Dropped by
MD5 d6e69806a60ff702d1d3e0bced81665b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f5b7a1b7581e932467735261215acfa63086f23c0508437bc9b46588ddf28044
Cape
Cape
https://www.capesandbox.com/analysis/5500/

Comments