MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33b22f183b47d03a90eab7eda3ecc8f05c5e5b6e011588998d1b9aae4ead0f36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33b22f183b47d03a90eab7eda3ecc8f05c5e5b6e011588998d1b9aae4ead0f36
SHA3-384 hash: 906db8146673c8222e201f53408eb3730d56b52d8321fd3528980a1264e6e41d6fec81c8df6c6e5b171187c32d8a5ddd
SHA1 hash: 236ce32a82ca4621439a21624732744772a82b72
MD5 hash: dfe34d84a84eff1c4ee158871025de3b
humanhash: cardinal-grey-delta-leopard
File name:NIDEX LTD QUOTATION_2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-06-08 12:10:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ed57d38212442c6fbd5a6c2cae3bca29 (3 x GuLoader)
ssdeep 768:gM08jpQCUHsQa1Hc78h1WvxkiPRNXPqcZ+PRlKzWs:c8jpQCewc78evxZH+PRlkl
Threatray 767 similar samples on MalwareBazaar
TLSH 5743E71775EA5011F2024AF3FC619EED1D66FC21C441BF0A66C4FA7B1F31A06ACA562E
Reporter abuse_ch
Tags:BGR exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: clean108.mxserver.ro
Sending IP: 89.46.7.164
From: NIDEX LTD <store@nidex.net>
Subject: Необходима е спешна оферта
Attachment: NIDEX LTD QUOTATION_2020.gz (contains "NIDEX LTD QUOTATION_2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dh61IWa7fEtgrnP8A53Q04fHssd8qOWY

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Lokibot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7008/
Detection(s):
SecuriteInfo.com.Cerberus.12106.11230.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:12:05 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gozc6gb3i7idvehkw7w2h3gi6bof4w3oaekyrgmndonk4tvnb43a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1621dac1140afd3e3eed4b0f4ab0a93e81cd56c76e7532a0cc03d0b5a8dae04d
GuLoader
586308277bf0f934777f113da1b684233d2cdfbf6b746eebc35d2f8dc8d1c585
GuLoader
6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
GuLoader
753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d
GuLoader
79afc9b39ba7fe7dd6ed282d39eb915bb47271d552177f62c6606b99901f9cd2
GuLoader
7bcfd6304cf50881a7f42942fe80cdc0d26bd2f0934c6e2bc8df904a414fae4c
GuLoader
8e33267ec0f63c8cdd0bfaac8ca2e231326617683ee03d418dbd19ba00d1c2e1
GuLoader
8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
GuLoader
+ 757 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jgcy3fsa46/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 94ea164a308d46dca9373b22e2c816f5026a655cc051df5f09dc038f18efe854

GuLoader

Executable exe 33b22f183b47d03a90eab7eda3ecc8f05c5e5b6e011588998d1b9aae4ead0f36

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383112/
  
Dropped by
MD5 8256c7e298b46990a4aa58dcf742aefa
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7008/
  
Dropped by
SHA256 94ea164a308d46dca9373b22e2c816f5026a655cc051df5f09dc038f18efe854

Comments