MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d
SHA3-384 hash: 5399319ccd497950fe637417a5206cac370b4f7cdadde1b1f5686ba4d84bbdf7441942197be093b2f1967364e85628ab
SHA1 hash: 8c32f40f8320e0a42a3dad8b6b715785c80adcde
MD5 hash: ddbf1930e4eb8569016a8104793bfc5a
humanhash: oranges-eighteen-princess-georgia
File name:VP-XLPE-S007-LT-002_SPARE PART LIST.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 13:40:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 55dc16a5faddfc9c19571a11e0ec42e9 (1 x GuLoader)
ssdeep 768:BEmfiMP1B0AHg8Shn0u6aRLM/3kuy26SVWXuD0W/sw7R38GbBYfKfHwbAH521M0R:bfFqUbsn0WCUuXzWU0QXbB5wbAZ2GBK
Threatray 5'166 similar samples on MalwareBazaar
TLSH 46B3C503F6E8BC83ED064DB24DE5AAF50D66BC791DA11B1BB09ABB4E14761809FF0705
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm48.hanmail.net
Sending IP: 203.133.180.236
From: 이한석 <hd3096@hanmail.net>
Subject: FW: [XPLE PJ] Project RFQ/ Spare parts list [예산견적]
Attachment: VP-XLPE-S007-LT-002_SPARE PART LIST.ISO (contains "VP-XLPE-S007-LT-002_SPARE PART LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1FaIrcjvh13I-GykLsBIbuVk9NXRIJfyH

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5570/
Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 02:38:03 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0005e5022cd608e05426c717720cab930b17de32f9afde7af7db5bff68db21ea
GuLoader
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
3e84acdb102f2437d07c3a28a7d06be9c322ce0840a2627bbddf01d49d337bfe
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
6bb00f89a53da0f161e6f2872b315221fdabc16975afedb7364685263487bd1c
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
+ 5'156 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-kyh1jn13qe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 9afa32268f2a9c2727388e824bba6058da36885d44cedd92cc4ad0e347480dbb

GuLoader

Executable exe 3c2fb53051873bdd9f851e47352dd4b303241a0224f458040dd5d06ac242cc7d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/367850/
  
Dropped by
MD5 4e52fc906f441dc1d3be52d821f1caa6
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9afa32268f2a9c2727388e824bba6058da36885d44cedd92cc4ad0e347480dbb
Cape
Cape
https://www.capesandbox.com/analysis/5570/

Comments