MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308
SHA3-384 hash: 8dc344959b2888a46ebc354c2cc88ac88aa83dc5b14f522696db1616ae7ec9d53b0b808723f7672acfa1dae668e95f64
SHA1 hash: ffe17bcceb163312f63d086137880576682ebb66
MD5 hash: 0ecbddd32a7d93b8f4857f0070f2c28b
humanhash: texas-high-sweet-tennessee
File name:INV & PI.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-05-27 17:36:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 021dc16e2aa19521e6dbb75dc5266663 (1 x GuLoader)
ssdeep 768:GEuFCCVqsDBn9NjruY40cKFjIuDy26RN3Bgcu0rV70XU+olT1tqv1BbDB0m12hlv:ZsQyNjruZnWOvgcuSV7/PqvPb2m1qN
Threatray 5'107 similar samples on MalwareBazaar
TLSH BDB3E713B5904C72ECA5CBF16C77D9542E72FD3528102E0B7508BB4E36366CAB8A1B5B
Reporter abuse_ch
Tags:exe GuLoader Outlook


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: NAM12-MW2-obe.outbound.protection.outlook.com
Sending IP: 40.92.23.92
From: larry herman <lher41@hotmail.com>
Subject: RE: INVOICE & PI
Attachment: INV PI.rar (contains "INV & PI.exe")

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/sean_SgXXorh87.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/5062/
Detection(s):
SecuriteInfo.com.Variant.Ursu.879400.5326.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 20:06:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
netwirerc
Create hunting rule
Similar samples:
0098bf2ef8230d9bb30b451868272ffb271fe63a8c248bfc9ce569991c19f279
GuLoader
160c5ec01e302b73f84895263a7ab3b2cfbdb70598f0d338c1b196afb3f16bc4
GuLoader
2ad4a02a1f907b8036b9bea0fd940bfb47435964b23ffae577080823c86500dd
GuLoader
50644eb4c3d4ce7aa1074c0096b43b2c4e7aaff4ce9e9a650c62ae934f85c081
GuLoader
8c3ab3dfe110988d790808121453336342297777bdac96a10d317bab2b0de2c6
GuLoader
b717668f4cb542152a0b021d4c1cce6425692b80cec9c3384d5a5e9b602783ba
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
GuLoader
e8edf009c1c82f348ad925f7f9a34b4f241d52240c6cb43ab4536c4b363d5322
GuLoader
fca6ebdeec0b760f2faeef8ba5edf6ab9d0141475b5f554ef1678aa4426baaac
GuLoader
+ 5'097 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-gzzr3s8a5x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 83b3f6acd51cdeeea22bf1f6796ba7a90ad1a0a49585225b91b1d19fb9e20934

GuLoader

Executable exe 4c841c5e0c2382fae670d7f41f7a75f8d8b2c1a03ff7d7c31eff98c1d9912308

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365502/
  
Dropped by
MD5 98d6309bdb36036a9ca83b17a42fafc8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 83b3f6acd51cdeeea22bf1f6796ba7a90ad1a0a49585225b91b1d19fb9e20934
Cape
Cape
https://www.capesandbox.com/analysis/5062/

Comments