MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f3135503ed9fb4ed106c98a51770d1ac8824631c02af922d763538a66d32e84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f3135503ed9fb4ed106c98a51770d1ac8824631c02af922d763538a66d32e84
SHA3-384 hash: 7d85e38ca1e6f851eb99f8ae9bda3bfe21fcfabd163ad7aa8b053606b419cb1420ced511a76963abad918534078e937e
SHA1 hash: d42eb8c93d77183371b23b6d04288bea5b32b433
MD5 hash: daedcb119c1b1892649c5524089baf66
humanhash: cold-orange-aspen-king
File name:PO TQ2010487701.JPEG .scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-10-23 07:02:41 UTC
Last seen:2020-10-23 14:48:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 29dcb0c2534e8966a6eea76d9e43947a (3 x GuLoader)
ssdeep 384:nbh1LQM21eegekaWj5bagevK+ygAGbaYUUq3w5DY7z1kPdK882RXu8U8Iu+OYG:nh2p5tAI8ibaYWgpY7z1kPdXZRI
Threatray 2'718 similar samples on MalwareBazaar
TLSH D3432ACEAB95D46FFE644E708A21F35781BB7F22554B490F2A283FAD2D319414BA0F05
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mailer11-1.incnets.com
Sending IP: 210.6.92.71
From: Jackie Lim <support@peepni.live>
Subject: Urgent Quote Required
Attachment: PO TQ201048770102.JPEG .uue (contains "PO TQ2010487701.JPEG .scr")

GuLoader payload URL:
https://convertprogram.com//mpa/J_GQfrp151.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/74967/
Detection(s):
SecuriteInfo.com.Variant.Bulz.150189.17931.1325.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/507851
Signature
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential malicious icon found
Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2f3135503ed9fb4ed106c98a51770d1ac8824631c02af922d763538a66d32e84/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 06:08:46 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f4ytkub63h5u5uigzgffc5yndleierrryavpsiwxmnjyuzwtf2ca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1289d591984de5325235e57987ab171b4ae3f9d55baf3476087677805922427f
GuLoader
14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa
GuLoader
3b6460bb14fdce88ab8ec80e5cbfecbb15bbc09de1e75c51246d1c670925b340
GuLoader
50eb8b54c87303301b6614c07195bef8121ab2f99685ced448b915f9e6f0fc15
GuLoader
6964c8791bbf63ce0cf1dac7e62486fd3398d16c72774904fd3a7ca4f3957fff
GuLoader
784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
GuLoader
99d07b0682434235023da65216efdcc624d66c436e80745614315d4c68e8735f
GuLoader
cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407
GuLoader
e3bb363542c6d38bc7cf43863d0247e9e9c96c5176f4c0cf4bbd3bbe2afbd31e
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 2'708 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201023-8rt8jtlemj/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
2f3135503ed9fb4ed106c98a51770d1ac8824631c02af922d763538a66d32e84
MD5 hash:
daedcb119c1b1892649c5524089baf66
SHA1 hash:
d42eb8c93d77183371b23b6d04288bea5b32b433
Link:
https://www.unpac.me/results/0a7b2030-a651-4f18-965c-64341ca16dab/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

uue 6fdd27e02338b3581cf1dbdc795f948975ad20788a61b86225be16de10044ebb

GuLoader

Executable exe 2f3135503ed9fb4ed106c98a51770d1ac8824631c02af922d763538a66d32e84

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/738562/
  
Dropped by
MD5 a4e95298e4abd002a9f32f1eaed534e9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/74967/
  
Dropped by
SHA256 6fdd27e02338b3581cf1dbdc795f948975ad20788a61b86225be16de10044ebb

Comments