MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 496686996582107344665c0b6eb4e7c7efe6f56f4d0a5d33e5b635bcb95a5926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 496686996582107344665c0b6eb4e7c7efe6f56f4d0a5d33e5b635bcb95a5926
SHA3-384 hash: 710ddd445fa953c259976d20ed8c86454e0d5f16b2c0a41cbdc3768512d5e7066bec51b9f05b66e4b312ad6a3127eac2
SHA1 hash: c030d9c92195605e22892010b49b688b34b99a19
MD5 hash: 36c4710da181da59ccb5acd3a6129e3a
humanhash: purple-mobile-robert-fish
File name:SCAN_COPY 1099200.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:208'896 bytes
First seen:2020-10-21 09:57:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0718848af9724b93bfeea418f71f1081 (2 x GuLoader)
ssdeep 768:TZ1+TCIIkWRQUsqmLzl0jKhLlhEbzBTkP5eWyLrOtYlBfr/fLJc8ZIv4GjzoRKsq:F4ZWRI5P5lQzBgptorJnQ4Ej1zT
Threatray 2'652 similar samples on MalwareBazaar
TLSH 39148FACB5E1FDCCD60C3535C61BB1158CC508B01A68807A267166E7B2B32BEB64FD79
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: feliceconserve.it
Sending IP: 191.96.185.245
From: Luigi Oliva <luigi@feliceconserve.it>
Subject: NEW ORDER
Attachment: SCAN_COPY 1099200.rar (contains "SCAN_COPY 1099200.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/73971/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Creating a process with a hidden window
Result
Threat name:
AgentTesla GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/505624
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected AgentTesla
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/496686996582107344665c0b6eb4e7c7efe6f56f4d0a5d33e5b635bcb95a5926/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 01:53:16 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jftinglfqiihgrdglqfw5nhhy7x6n5lpjuff2m7fwy23zok2leta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1
GuLoader
13c555d2bc29bc384b7c496c0aefadfbe38d7b415e11c43bdbcfdf702062d1f3
GuLoader
3c03c5f80df2762d336347192bcb146bd837550b208bab90b0e81d481d7e3506
GuLoader
65b63f4f75c7b4e0c164a93957996ce074fc3a0e7a42d56fa53137ea2c060e5f
GuLoader
775188796115cd4ed9c6a6782ac0e2512c0759616395fc0e6193e63850adb4e0
GuLoader
96e931e07df1c012d0b7d4af91eaf2e57da055de9b8fabc499992470555ada5a
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
c61ff47c382b7819f475a74693395a56e30741d2d126d0e7212d1ffc42814d57
GuLoader
c9f5530468fde1d7a198bc7dd5a43c390b234f10649dcdbdc25890c0563d4691
GuLoader
f18e31ee1b4c8d1561cfce6bafa731020f5838566393728d1c0de1cbde333ef6
GuLoader
+ 2'642 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201021-xpss34a7rx/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
496686996582107344665c0b6eb4e7c7efe6f56f4d0a5d33e5b635bcb95a5926
MD5 hash:
36c4710da181da59ccb5acd3a6129e3a
SHA1 hash:
c030d9c92195605e22892010b49b688b34b99a19
Link:
https://www.unpac.me/results/5264f946-497e-4b2e-8e80-001b79c244aa/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar cd37280fa0f362c61babedecab2a35e897cce12436e929e2002dc72a2eea6977

GuLoader

Executable exe 496686996582107344665c0b6eb4e7c7efe6f56f4d0a5d33e5b635bcb95a5926

(this sample)

  
Dropped by
MD5 e28339d8a34d432d4ba7a1f4b65f8d53
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/73971/
  
Dropped by
SHA256 cd37280fa0f362c61babedecab2a35e897cce12436e929e2002dc72a2eea6977

Comments