MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca
SHA3-384 hash: 9dcea5da54fc274caee09324227da8fde20daa5a6fc1c0be88b652f9001a1e0d504f2a1cf368a7ae76add8123d5a1614
SHA1 hash: b280983b23f76c47fe93d50aff7d525320375abf
MD5 hash: 4f62da5fc661e7859d2fefece91849cc
humanhash: violet-salami-nitrogen-foxtrot
File name: PO_94335.pdf.bat
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-05-26 09:03:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b8c02caca4a40e4576621ac52ac9ff80 (1 x GuLoader)
ssdeep: 1536:JWZTkay5FjkCtcjOlTQtm/hwS8pxu1893ZqfcPGFOb8XobUb9:JUy56Cktm/6SquWfDbUZ
Threatray: 138 similar samples on MalwareBazaar
TLSH: B6C3191376D48EA2EC595FB38C27EEA72E16BC2016544F1B3684FB1E66732C27478706
Reporter: abuse_ch
Tags: bat GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mx.bd-distrbutors.com
Sending IP: 195.231.83.52
From: John <sales@bd-distrbutors.com>
Subject: Purchase Order 4500009762
Attachment: PO_94335.pdf.zip (contains "PO_94335.pdf.bat")

GuLoader payload URL:
https://srv-file18.gofile.io/download/E8d04G/private_me_yFqjqHFn1.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 03:51:52 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 3af2afa3c74278d68dad4e050909855198bc8e2603638effadf38221b6b976ca

(this sample)

  
Delivery method: Distributed via e-mail attachment
