MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2
SHA3-384 hash: b46a8665bb68ac45d42e51e479f96016ded979508e0a4e57bcb8c0893f4fceb9d7d4e846a155ee9265a5969749a793b9
SHA1 hash: b0a8038f9119aec80e18d28f36dfe2f550c70520
MD5 hash: 9fc7695a689f5a21f3dbcac50af8d8d7
humanhash: failed-quiet-winner-chicken
File name:scan1169 SWIFT COPY.DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 13:29:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1452f7694d7ee0fd235de1f93c69a9e7 (1 x GuLoader)
ssdeep 1536:3ASPfxV40jxZHZkgrKHxLdGKc+o0FDHdZ1gI9pmhJ1pSyrytg:3pPXjbHJKVdhjFD9zfAUvK
Threatray 1'352 similar samples on MalwareBazaar
TLSH 03B38D13ED0D8AA3D1084BBD3D178EB92A1CB92D09005BEF71756E9FAD316421DA721F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: Andrew Sommerville <andrews@gbj-ltd.co.uk>
Reply-To: drivee457@gmail.com
Subject: Re: RE: ENCLOSED SWIFT COPY PAID
Attachment: scan1169 SWIFT COPY.DOC.zip (contains "scan1169 SWIFT COPY.DOC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1cst2lo44fPOBNX8uRFwHc-KZ6UzF20oX

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6322/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:30 UTC
AV detection:
26 of 47 (55.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=idbh5acrq3gcmjamx435duuasqjmilrkgyip37zsz5nyzy2ulhra._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c
GuLoader
3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06
GuLoader
5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
GuLoader
a29068c2164d609c5dcb0cca032b10ec0573159f7b83dad43a278811bc6cb8c9
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10
GuLoader
bf5ffbd0909424adb18dcdf238e0829784b9f3372f28d828fde0e158d8360584
GuLoader
c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
+ 1'342 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-agsr9xyk2s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0f1670d48f2547e3f47b8eaa7e096d1d67aa09d5f80a51d97c737e36e50cd99f

GuLoader

Executable exe 40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376175/
  
Dropped by
MD5 539127258e36a545d432e74f77f4cd74
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 0f1670d48f2547e3f47b8eaa7e096d1d67aa09d5f80a51d97c737e36e50cd99f
Cape
Cape
https://www.capesandbox.com/analysis/6322/

Comments