MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53891fe5d9e2ae2f182407272fd849ddab52f577adbd7b127a3b042cf560b714. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53891fe5d9e2ae2f182407272fd849ddab52f577adbd7b127a3b042cf560b714
SHA3-384 hash: baf05f5eae814f2f138f5e4cd39920027bbf04eae208f088d9f3008391ad37ce8f12a707c4cbb020c6826e50b82a0163
SHA1 hash: b921ad41bafe03b668a0b40373312a73e6a3dad1
MD5 hash: a12d047e5be480434770774fd17b9121
humanhash: nevada-magazine-alanine-hotel
File name:UY_LIST_ITEM.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:09:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8fdf61810805206fe97eb19491e66cb6 (1 x GuLoader)
ssdeep 1536:eSPfxV40PXUvBCJ4RXkgrKHxLdGKc+o0FDHdZ1gIC9e5oHLqlTUtHn6:3PXPEJ6SnKVdhjFD9z+9f7tHn6
Threatray 818 similar samples on MalwareBazaar
TLSH 2BB38C17EC4D8A53C2448BBD2D179EB93A1DAA0D1D006FEF7475AE9BAD312431CA710E
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: 로이 유 <ssa9026@hanmail.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.iso (contains "UY_LIST_ITEM.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/uyaka_pOdpLLVacD144.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6293/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 07:22:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=koer7zoz4kxc6gbea4ts7wcj3wvvf5lxvw6xwet2hmccz5law4ka._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
41c40f2da6eefedf43d955988e5a29fec18a14b024741209acfd7a225899a3e4
GuLoader
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
GuLoader
8357fd2e6327d05c86d6e2729b65eafaf756322bc1e7bb7878cf75595c40abe2
GuLoader
ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4
GuLoader
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
cdfe3c9dc4aa1e9378e37badc6993e814acb1ddccc2920dc7fc4fa226d4058e2
GuLoader
f0904d56b0d621156adf1d4449d1b445e6d45eec9c0a4b09e22f9bb95a185955
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 808 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-r2slhyl57e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 6336647fc6fb00f31d16639b4d58b100b41bf4a08f48332dd2b5e47858b9eb6c

GuLoader

Executable exe 53891fe5d9e2ae2f182407272fd849ddab52f577adbd7b127a3b042cf560b714

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374154/
  
Dropped by
MD5 5bd91d416c96512a43c9568a7128e873
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6336647fc6fb00f31d16639b4d58b100b41bf4a08f48332dd2b5e47858b9eb6c
Cape
Cape
https://www.capesandbox.com/analysis/6293/

Comments