MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e1b8febf5f7c0c794dad1a6ae195de982e8c0940997568a370c6fb21511d98a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e1b8febf5f7c0c794dad1a6ae195de982e8c0940997568a370c6fb21511d98a
SHA3-384 hash: 281a47edfeb8f817017ffaf745b170e9fc07f28392537537069705215a9042ec9b97dce4f041540aeafee1d3402031ea
SHA1 hash: 10c9a89a85ed3b64b5f53af10087eefd70b6b7db
MD5 hash: 960b8961f9af4622676042691b5bc3c2
humanhash: fillet-edward-london-pluto
File name:PO079375.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-09 06:36:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a8920e48d04c7314791e1537b5970b01 (1 x GuLoader)
ssdeep 1536:bquRtSbnelpPmmj7TZriaHpNIk87qvejD:HBpPfDIxjD
Threatray 5'134 similar samples on MalwareBazaar
TLSH 35737D036944D112E0544AB02C739ABC0F2A7E284981AFDF6199BF1FF5B67536CAA13C
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: coreit.mynewserver.com
Sending IP: 88.99.38.211
From: Sarah Wong <kelly.giotopoulou@theluxuryspot.gr>
Reply-To: Sarah Wong <tolentinomavi13@yahoo.com>
Subject: Request for Quotation
Attachment: PO079375.gz (contains "PO079375.exe")

GuLoader payload URL:
https://octagongrinning.site/bin_PsvLtX71.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7247/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 01:47:47 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hyny727v67ampfg22gtk4gk55gborqeubglvncrxbrx3efir3gfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
26578480a0124210e78362e63cb2fb0d2998a47e6b1d8f43cbe787caba1ac5b6
GuLoader
5faba24468dbc655649ac2467b30d89f0e9d7f2bd9f827656a157494d132b607
GuLoader
65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454
GuLoader
ee4ae13d3fd3b58d86e270db11937476b4b7add1673983c2c28ed4d7dcc75552
GuLoader
+ 5'124 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-c543974zg2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 3602be64b69c30e4201700f2c25c7f852344796d7176bf990a40e667c245660a

GuLoader

Executable exe 3e1b8febf5f7c0c794dad1a6ae195de982e8c0940997568a370c6fb21511d98a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/384279/
  
Dropped by
MD5 77ca9456b69c61304f50b78fad8dd55f
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7247/
  
Dropped by
SHA256 3602be64b69c30e4201700f2c25c7f852344796d7176bf990a40e667c245660a

Comments