MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc
SHA3-384 hash: 351213836366db4a2f30d381776a3ea1ee1f87b0843711cb33264c119133b74252647047850b744010d8b2926a77bbef
SHA1 hash: 54806ace1fc48b629f4350cdbfa5e6e004008908
MD5 hash: a2c6ac88648c915bb92c6d6c59b4d18e
humanhash: cat-angel-moon-hawaii
File name:Lling7.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-10 12:33:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fc09c22a9af383806d922393e79cba7c (1 x GuLoader)
ssdeep 768:bIxEfq4d4DdewWBCZdFWFwX65DysNIC22X+0bbEq2JwBV76Kf3k0/G82seNr88vH:bM94d4xRdZdFWqqY6rbX96K86G82seP
Threatray 1'051 similar samples on MalwareBazaar
TLSH B7734B3EE608D553F1300A3019B285D0A7536E5F660F6D07AD587E6A0A73913ABE723F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: loft11155.serverprofi24.com
Sending IP: 188.138.57.207
From: Account Payable <cherrysammy101@gmail.com>
Subject: PLS CONFIRM BANK DETAILS!!!
Attachment: BANK DETAILS.ARJ (contains "Lling7.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=115ym8Wl6M_jzLJIwzT-6p9OidXfQDvL3

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7533/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.BadFile.lm.25976.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:35:05 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j6qyz3uvlpb2ezhqwb6fwi7r2rmexsf7gudo4kr2kxnxhxlz6tga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a
GuLoader
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
229d8d98a701a24e93b4e374092a5ce767fb859ffbc243cea9c1486b871dd4fb
GuLoader
41a9a33741271ed8654135fcc3ece20c710503ad40a6707e84541bf4710641a8
GuLoader
5c1fd78532bdfda40cd3c1a1e953307e979f71435272165b1104fee6d842d91e
GuLoader
6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
GuLoader
71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
d00ee0e6eab686424f8d383e151d22005f19adbda5b380a75669629e32fe12a6
GuLoader
+ 1'041 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5tknm7r936/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

d51807b7550cccfa195c0c970309e309

GuLoader

Executable exe 4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385251/
  
Dropped by
MD5 d51807b7550cccfa195c0c970309e309
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7533/

Comments