MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36c2790871534ef40e28ff56b3a7c51b38479f57a878ddef882590b8c9dd24d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36c2790871534ef40e28ff56b3a7c51b38479f57a878ddef882590b8c9dd24d1
SHA3-384 hash: 860f81e1463459bd418cdeec55475c8dd31be0b2414b8d5d902d90617a0cb036cbc66667bd0f0ae66591ad24e91075de
SHA1 hash: e6124132634989bacd1036d9ec4219a18ed68831
MD5 hash: 4be83658025667893882964433e14bec
humanhash: butter-finch-golf-indigo
File name:New Purchase Order - Mpt Inquiry.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-11-05 08:23:48 UTC
Last seen:2020-11-05 09:35:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 96cf4e36f6d6288ab2f80c60297a3173 (2 x GuLoader)
ssdeep 768:FzuicbKZiBmmZ66iWoZqAqAI4R9v5bIryY24W4K98n:IfKYBRZ6lWoZqAqAIM15bpLd4L
Threatray 3'057 similar samples on MalwareBazaar
TLSH F0736C61D8B099D1D26E87B1FA73CFAC1697BD214426872F3612695F0AB67840CD0B2F
Reporter abuse_ch
Tags:Endurance exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 198-20-228-142.unifiedlayer.com
Sending IP: 198.20.228.142
From: Import Manager <sales3@nazahaco.com>
Subject: Re: Inquiry from Jason
Attachment: New Purchase Order - Mpt Inquiry.xz (contains "New Purchase Order - Mpt Inquiry.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=53A1278561E3E6B0&resid=53A1278561E3E6B0%211309&authkey=AIIgsGbpoe2erz4

Intelligence

File Origin
# of uploads :
2
# of downloads :
198
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/83112/
Detection(s):
SecuriteInfo.com.Artemis4BE836580256.5121.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/521066
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Executable has a suspicious name (potential lure to open the executable)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/36c2790871534ef40e28ff56b3a7c51b38479f57a878ddef882590b8c9dd24d1/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 06:29:18 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g3bhscdrknhpidri75llhj6fdm4eph2xvb4n334iewilrso5etiq._file
Verdict:
suspicious
Similar samples:
0282b710d24b3d098017e3231c93e1b46bf8586a6e0cc83ec76f2a1d710c6813
GuLoader
060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624
GuLoader
07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c
GuLoader
0a9055100b10ba145a65334aa2b316bc30722cd75539c6dcca168da6263040a6
GuLoader
26d95099636e212fccb35c4865a6aaee393079698b6c3a6f0a07ef2960a845b0
GuLoader
3f2c710a97bb42579ee2f9956437ff160a68bd787439fbc025ab3d6b46076d34
GuLoader
448379f1a0a59fa0a84180351e48559c9ed7ea6875cdd525782b714a77a2fff9
GuLoader
4acadb0925e9ed9375a93307e5fbee58a8bbefe02a97463bf45e45752a7cfe42
GuLoader
a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931
GuLoader
e8b09f7077354fc4eac453773e0404cfcb88694939d7604165d0ea768249050d
GuLoader
+ 3'047 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201105-84vh383sf6/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
36c2790871534ef40e28ff56b3a7c51b38479f57a878ddef882590b8c9dd24d1
MD5 hash:
4be83658025667893882964433e14bec
SHA1 hash:
e6124132634989bacd1036d9ec4219a18ed68831
Link:
https://www.unpac.me/results/6ea907e3-cb4f-4fbe-b7d2-af656df8df70/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

55ed22437cdf464b5e363ebd317673e9

GuLoader

Executable exe 36c2790871534ef40e28ff56b3a7c51b38479f57a878ddef882590b8c9dd24d1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/789052/
  
Dropped by
MD5 55ed22437cdf464b5e363ebd317673e9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/83112/

Comments