MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
SHA3-384 hash: 8ef87eee63086e7b8b21526cf1e3903a29d8a618d033b8abff0dc001969f11fb5cd53b457e2e7477b8d299c8941b210d
SHA1 hash: bf22f11f53cf44dc8e3faf347d278f37978cecc3
MD5 hash: ed069835b1487b5b24b6643239ec662a
humanhash: kilo-may-low-crazy
File name:ed069835b1487b5b24b6643239ec662a.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2020-05-28 07:01:14 UTC
Last seen:2020-05-28 08:22:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 054237fce38c86bf91c00ed239eab8c9 (1 x GuLoader)
ssdeep 1536:MYvz0mUcgv1Cr4nnQsVugNOjn96NPofxe9gUdkmmPXF3smfVg8f:xU1N6x6FofazkP95fL
Threatray 973 similar samples on MalwareBazaar
TLSH 01E38312BAD5BC3DD58A2AF16C8959962A062C00BF0413EF11C5FBBE72365E17C71B1B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://185.205.209.166/wext/net-x_SVsddcSkXN90.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5791/
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.jm0@Fi1g1jhi.10509.21602.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:37:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
0b1dbd3162f501371ca4d99f39e0ad1631ab1d9698bf19bdd45163319fc0310b
GuLoader
2bd1dea449db5de4c51466758cb179c40108bf6f4591648dcae7e3692fcd7002
GuLoader
474fdc334d61a837436e2979eebb789db0263ef26cf4bc00b5936823246a0b78
GuLoader
4b110258d8a90160fd07abfd441805de6b8e1cb646c0734febd7de606ca5a4e4
GuLoader
54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719
GuLoader
6a6153c0ed8295d63f23fae313939e61eb3f94cd61f7a34a22a6557318f032f1
GuLoader
aba4802ec9d322f223f22b73f41bbb77d7b6066d18c8b53571e50a9c97e727fa
GuLoader
d6ee817b81f83f699a9a9a9b242f9f99680ef1a37abcbf49a26bff50466c43a6
GuLoader
eb082ead8de20d80f1aa722b1ea95512e7c08d26403b8cf8cd6670a7fbc75c95
GuLoader
f4d8ebccd809868b63410f61d84bf12e9642f7eb015b6480610e9505da186067
GuLoader
+ 963 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-fkvdd73wwx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368664/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5791/

Comments