MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331
SHA3-384 hash: 1bdbc5e1c55326f2610876ff003d0d3296b2a08ca26a05c254b8359495145fbeb9d9822fcf7097cb19d14ca2a7605685
SHA1 hash: 93c1b3c6e22d4b46356540934f826f90d99998be
MD5 hash: d2d96f305f1a204a4fcf4c2e4f9d2a70
humanhash: lamp-eleven-vegan-football
File name:Gennemslagskr2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:36:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d6cd70f437937e69bb6c1fedd276388d (1 x GuLoader)
ssdeep 1536:7JS7cFy+6fGSCT6OWUWa+IhCAQKBbtP4WRD:7J3NhSC+0WheCAQKBl
Threatray 5'114 similar samples on MalwareBazaar
TLSH BFB3F602B9D9FC85EE011EB40FD07EB40D12BD211DA06B03B55FBB5E6A3A5D21FE425A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: box.apexsruveyors.com
Sending IP: 192.236.163.127
From: info@alaskerparkers.co.uk
Subject: New PO.
Attachment: GE231101.zip (contains "Gennemslagskr2.exe")

GuLoader payload URL:
http://weareupstream.com/n/bin_psPlI206.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5564/
Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 03:49:02 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
7acf7bc635e79515685759c8b4673d69245730d1e77dac430e093d7869e06e11
GuLoader
915f6138fa526b0998b85544881e698dcce37994e528c487c15c8acc2762f678
GuLoader
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
GuLoader
9e4e7f1d55db4c01612f4fb87b648fb0a1edcaf1e57f7ae41919d029196d41f9
GuLoader
e15e175581173bb19a26a05cb7cf4ca26ce681a1d328e84341267a24be882f65
GuLoader
f16c35d40cb23f67aa0fcc4ebb84df8a252dd7876659c39a32c2a2afc6a581b2
GuLoader
+ 5'104 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-abz492q4hn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a6f2789b5948acd61ce64b8134c342529fe95e4f589486ee4d14ba3bb44b0cb6

GuLoader

Executable exe 2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367849/
  
Dropped by
MD5 eaaf9d408171763a0f67d9e9963bb38b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a6f2789b5948acd61ce64b8134c342529fe95e4f589486ee4d14ba3bb44b0cb6
Cape
Cape
https://www.capesandbox.com/analysis/5564/

Comments