MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a2329959145b50cb16c5a953ae21be4f5a6a41673991d50f2012398b3abee8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a2329959145b50cb16c5a953ae21be4f5a6a41673991d50f2012398b3abee8e
SHA3-384 hash: b9967922a610c3aabaae15611d9c922368df29d9f84677ba072c9bc425ca91e7008f474c367d4727c20edd941c1edd95
SHA1 hash: 92ae919a8a62e0cab63fb50c61133f30a8ecc9eb
MD5 hash: 27322392fe25aa268f157083ab67c84a
humanhash: table-double-fish-december
File name:Bank Receipt.Payment Document_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-05 18:02:58 UTC
Last seen:2020-05-05 18:43:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f0d932bd6750f99cf0b5d333c8bd7a7b (1 x GuLoader)
ssdeep 768:7bZcvMAslY+Z4kFf8CSuiH1UaPk+KN9Gz+hUJbHa777+PH6hw408sA4UTcXCNUC:/+UllYH/CSh1U1+KN9GzC6sfSHi0vUU
Threatray 208 similar samples on MalwareBazaar
TLSH 2293D5557DB0EC22C22435B5DB69F6AFC31AAC381972890761C53B2E6F366468D3422F
Reporter JoulK
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AC.23199.4690.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 18:35:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0dece9fdaaf9fca84d4ea64f94e789ee03a7a7e663d138327c662c4fc23aa2bb
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
2ba0f2e22ed07ca3188c898a0c9256fd30e878916ebe669ed52b25cb18d5ccde
GuLoader
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
GuLoader
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
GuLoader
5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49
GuLoader
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
GuLoader
8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d0198b775182eab3ed405bd0d946006ec8616b61083e643200d1d34fe8cae2f3
GuLoader
+ 198 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kq6ngpk5yn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments