MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58
SHA3-384 hash: 40cef3141a4fba33a1b2d8233920e41f4460030b7c5ceb94e92a85aa1a752c41a1c636d072618efaa01e929771156e52
SHA1 hash: 07e5a6fe77e30914c0e168a158d620ac18097604
MD5 hash: c9527bb3926299baa12191ef75aeac53
humanhash: bulldog-paris-william-spaghetti
File name:e-dekont.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 17:28:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f90395c7572edc949145dfce2df6f159 (1 x GuLoader)
ssdeep 1536:bZ94d4xRdeMK9tuQ7rb7CCGejgY2yMfri0NEteN:v4dm4RXxRgqHte
Threatray 676 similar samples on MalwareBazaar
TLSH 69535C4F7E48E493E1340B7059B39A542676AC299E00EE4B3E9C7F5ED931182BCE721D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://185.205.209.166/wext/bin_hKjyTFAIZm90.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7650/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIT.3461.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 17:30:11 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibcivrgxoicpa6iryc2tfe6yzaszdyg4uu5q53m3irj5mez675ma._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2bb3ec5f6e8830a1b8e87a95bcb53406688386e7dd33149bb8117318f28faba9
GuLoader
4f8130693067523c153d09b000e48e744ca3b86388221a840349746ea6e561df
GuLoader
554da92aa0dff594ff82094b0a8e8125419723e8899c670f7b8d74daf0580880
GuLoader
a9abad7f4aace35de5651f437a83f47787606345d04ea63426db6a7a9b02ba5e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b22c89b7538e1da6bdeadb5eab3df9ab4c76de044017db8045d7bb76049945f9
GuLoader
b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
fb422c90d0ddff14da11a769e774a29f71c6d6ed8352c59279dcf414f75cb91e
GuLoader
+ 666 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vltaxppahj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385861/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7650/

Comments