MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94
SHA3-384 hash: 0be6b845669ce12acb65425b59274775f2a71a36b3338b8eaa4630601caa17b410ca5b666b4325f74feb9d6ef65beaf5
SHA1 hash: 11b60d12fcb8635591457dd4f335e95e26754b32
MD5 hash: 94b828d80913fa0c13862100a80969fe
humanhash: romeo-zebra-zulu-cat
File name:94b828d80913fa0c13862100a80969fe.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-06-05 19:32:26 UTC
Last seen:2020-06-05 21:01:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a032328e601389319b87f03d4d412ea6 (1 x GuLoader)
ssdeep 1536:VwTDrdLtwmSw+hwwDwv9im6Y/Ao03Ad2/zq1yLkTkOcWPD:VcrdhFSREc5Y/AosVeKq9
Threatray 682 similar samples on MalwareBazaar
TLSH 6F931917BC389D25C0A92EF17C1BA8562716AC14BB501EAF2284FFBDF6705A33C65706
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18codyYi6XQqRfcDfOaRorRM4eGW8mgsq
http://blockchains.pk/nw_kUILGeMGK73.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AsyncRat
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6807/
Detection(s):
SecuriteInfo.com.CLASSIC.11237.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 16:54:28 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g3nxfbzwwr5fygyfb3iskxacitb7e4vzrf7pkb6ggsfwdltpn2ka._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b4749ab7cdd7b5e94b52c734d85bc42353739e464377359ae72a25f7552328a
GuLoader
1561967cff081a9b139de45a82e6a61e2f5b01834d4666f2fc88cf0c52220268
GuLoader
397dd4bc6657e428ed2b5d3bcf09d3409d943796cfe5d096583c85ff8a3340b1
GuLoader
39c515aecf42295136801c4a1a847d80bc8269ad5cf20c512af98a020cd7a699
GuLoader
3a632ffacb961b5f6d075395013be5162b65cddec7cf9f2229f12ce84fc7a213
GuLoader
4cfa54b4b97d2f12a225b24eb37c89312976f77f48cfa5da3ecd8dcf4a21ec90
GuLoader
6d6eb640a5ed74ff6f53040b3ce6aee62a54991a9f177a71ad540e4c63d49be1
GuLoader
8a537505ec668cf353931413aa389f5a5eacabb6469f04dcabfe0b7acff721d9
GuLoader
bf0608df4ec33356cccf0af528cb8272bae2d3e86fc46ef5b80da38c92e77176
GuLoader
de7172d5a714ddfb1da598299b059e35e322088eb01d4457a5d3f8de3a414861
GuLoader
+ 672 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-vys5vft2h6/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 36db728736b47a5c1b050ed1255c0244c3f272b9897ef507c6348b61ae6f6e94

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/378969/
  
URLhaus
https://urlhaus.abuse.ch/url/376168/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/6807/

Comments