MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
SHA3-384 hash: 9b734c115c706255dd1ee4ec8d03a5639e917da5f0dae7daa60f9af93403412f4a207402d81a7478bd69dbc9a4f4987c
SHA1 hash: 6184598ebf3555d9cfbe4f8e8bf9312eaf01ad11
MD5 hash: eaa84e6995f65e6a783d47b4153cad3d
humanhash: jig-london-spaghetti-lithium
File name:Draft_B096122_images.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-06-10 12:34:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 696e9207c0e6f83109a9bef2b150c5d2 (1 x GuLoader)
ssdeep 768:b1cyEfq4d4DdewANR/TqWLc7RX91X+0bb/HtBOvWN6CMxPiDvj0Ytf:bZ94d4xRSLq7rbFBlMxPikG
Threatray 21 similar samples on MalwareBazaar
TLSH 73536D0B7E0DD153E02987B01872A9A51B66BD1C4A01AE173F9C7F7ED632192BDE321D
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 061001.novalocal
Sending IP: 45.147.162.21
From: Jason Bourne <admin@moenepa.tk>
Subject: 回复: 回复: New Order for CAMC 6x4 tractor parts
Attachment: Draft_B096122_images.rar (contains "Draft_B096122_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1fJIgOWmXE6M1Uys_fzsb1JFobWD7UCi8

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7535/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMIT.3400.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:36:05 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l5y7ueivzdo27psccwvzwwtjszrylpzyxpydhsoanvw3vik2xnaq._file
Verdict:
malicious
Similar samples:
0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab
GuLoader
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08
GuLoader
f0f07c2192956e44619a5bea6c55b3f2d4be7ad9fd86fa1e85f734deaacc05f6
GuLoader
f6d45dfe2df55a795c38882a4b7505efcf2ba8af52e065973c5522cecd5099da
GuLoader
f83a6bef755f005fcc8ac28da9b41ab4aa94d06d43543b7dfef4ff157b75226e
GuLoader
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3j1f3tdjxx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar aecf814722f6ccacfc9c54ae82665e8cac44f0b660032d5c4a94ba8ab2d8dade

GuLoader

Executable exe 5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385336/
  
Dropped by
MD5 dcedf4d413f00ca2ea82e5b507456e1d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 aecf814722f6ccacfc9c54ae82665e8cac44f0b660032d5c4a94ba8ab2d8dade
Cape
Cape
https://www.capesandbox.com/analysis/7535/

Comments