MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 348ad616b802594ef5f77160bdf21fbe5b806e6400c2ad4cedc019bc25374e61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 348ad616b802594ef5f77160bdf21fbe5b806e6400c2ad4cedc019bc25374e61
SHA3-384 hash: 079bcb16a37c603b31e2d26470c477bc9699da1a7be0c653e7458443a228893b338f725f601b13f4c9a1158607f46b5c
SHA1 hash: 2d3c1e217d5519599734bc94dc3d60a9947144c2
MD5 hash: 249f7d2d22169497d97e5cc42351ee51
humanhash: stairway-yellow-west-quebec
File name:dombogac.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 12:50:35 UTC
Last seen:2020-05-27 14:13:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c892dafdaf55da1a38e820a018151030 (1 x GuLoader)
ssdeep 1536:M7KWCzUaPOQvn2VDph+NT3mIfOrMaWFkJU3yLa:sK3xPOQf2+NTFf2M4SCLa
Threatray 109 similar samples on MalwareBazaar
TLSH 27B3170B75C8AC62FD398BB119B289A25C36FC343C044F2B7149BB6DAC775D928E0756
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: nsmail.psa.gov.ph
Sending IP: 202.78.94.66
From: Vaghela Anil <purchase@dhcubeindustries.in>
Subject: PLEASE CONFIRM ACCOUNT
Attachment: New bank details.img (contains "dombogac.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=F5533CD060D35070&resid=F5533CD060D35070%21161&authkey=ALKFxCxSEnXaqAc

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5016/
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.10682.5749.23985.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 00:04:45 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
141d8dd9c235560984db345a6414c17c5fed18e5b2106f240a58f3cdcc9f9584
GuLoader
64b3a6adfac5ca856a15d9c0a22840056506562ae94233a30b2c8e32a7f61cda
GuLoader
66a2bf82afdb19daffd125afa2f94c6801fefd75b7759c10e2c0f8aec62fb795
GuLoader
752f7fba9fba7cccbdac0e60f4e63b4e0baf2071b9b22392bf512b952b721b8c
GuLoader
973c6ca52f1749604a7ba4aeeb65e2e3ea610707651dd637199249bf4ba0b6ea
GuLoader
99e8e8f1ec69e184c986d1c35deb49f85df828936c933120edf58906c814ca53
GuLoader
9e3a497a827876ab6b91eb532b3706f9ba4c0c22c86c9c049f21bb5add78bc36
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
efa7f245a35c85568d26690f149f992e77c007fa1fbb7c2f4f050cea7fcca930
GuLoader
f0e180d5a00ca5ab5c375261bd3b986b3ef7b5474fb5935b64caa7f02fb02148
GuLoader
+ 99 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kfwkc74xk6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img f62778e900834799841da7d31b6f38d6908d9ac5a14a44d6d1a0abfcb8012990

GuLoader

Executable exe 348ad616b802594ef5f77160bdf21fbe5b806e6400c2ad4cedc019bc25374e61

(this sample)

  
Dropped by
MD5 3ebc0df2343a1fafffb9e2ddce7256b8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f62778e900834799841da7d31b6f38d6908d9ac5a14a44d6d1a0abfcb8012990
Cape
Cape
https://www.capesandbox.com/analysis/5016/

Comments