MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b
SHA3-384 hash: 1052ebe5466252b15f83d97e539e4504f4a7c8001525c2a7226e9dbc7643edf26c06f952d8b07b68ce775e63628f4baf
SHA1 hash: 4b3eed27ee93129e7c38c26034ff22ce68307fd6
MD5 hash: ea814ff25a80456d1db7cc2d9679eda1
humanhash: ohio-sierra-echo-hydrogen
File name:Penalty OrderKRA202021003314.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-05-28 13:15:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c4903fdabc54b96f3062055c729454dc (1 x GuLoader)
ssdeep 768:SGq1CFSLiRNg+0l8MbhEJg6+JMIGapGe0FIQr2:SG6CMuUFqM0g6+N1pGefQr2
Threatray 869 similar samples on MalwareBazaar
TLSH C3332B17FA298453F15A42B1096199923E2BBC721A219F0F3685FFAD6C71983B4F131F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: admin.itax2@kra.go.ke
Reply-To: admin.itax2@kra.go.ke
Subject: Penalty Order
Attachment: Penalty OrderKRA202021003314.zip (contains "Penalty OrderKRA202021003314.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KCdv1fyNcGJxTDTbVrAM48cj3OY1-6QE

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5858/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.dm0@aCKiP7fi.25308.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 12:52:49 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06361c9a89aa0c9e8f8ab725d30727dbec414b31c3c0b334f8cb9aa9ff890eae
GuLoader
182b2d026edb387534dda66711ee6f9050bc8ed871d0ebb71a96f0b18498ba24
GuLoader
24ebf6b9c1e61b3bdf58d0678683a8cae05860849a4d8b58a089af47a5ef67f7
GuLoader
26f2158d9837aa986e3d69b6cb3df0ea039d0434cd504c2911ad9788bbbf7715
GuLoader
3ab6a46e13911f31494184adc9f030cfd6f81ea2f243b4fd3b4ea3c9d5c5a3e0
GuLoader
6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
cdfe3c9dc4aa1e9378e37badc6993e814acb1ddccc2920dc7fc4fa226d4058e2
GuLoader
+ 859 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zas2aba57n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 9368bdfc16026aa21294b362135af22d0006a5b64d6b0f0333581302f1341757

GuLoader

Executable exe 4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371069/
  
Dropped by
MD5 6d9eeef580a5451d55623f1560ba02fc
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9368bdfc16026aa21294b362135af22d0006a5b64d6b0f0333581302f1341757
Cape
Cape
https://www.capesandbox.com/analysis/5858/

Comments