MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61b5d789c9983fb294e4e91fdcd1487c896fbc12a0a605215a48f589b6fb4937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61b5d789c9983fb294e4e91fdcd1487c896fbc12a0a605215a48f589b6fb4937
SHA3-384 hash: 057d452ceaf1da71720440a1145058b9a5f137cb2fae4b17d3744493ea5efdd3959cf88e9cf2380b727832eb46b49edc
SHA1 hash: cb8415dd72a20db48a31c29ef9526474fce490dc
MD5 hash: 1604b724d756892e1b2009c920d78846
humanhash: green-salami-jig-high
File name:DOC.950____________.pdf.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-06-08 12:09:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c28a5cb920783dc571415452a094c057 (1 x GuLoader)
ssdeep 768:VN6u1aL3mNtlrHBOjh8ClvaOKXY6lwdZTHi6J4Yd6E+oT6G293iuRBVTJ+:r6uRtSdVaOslwdZriaVCi2hiuRfc
Threatray 878 similar samples on MalwareBazaar
TLSH A3839D136554C152E1350A702CA3DEF56E26BC2918416F4FA285BF4FE836B52ACBB33D
Reporter abuse_ch
Tags:bat DHL GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: billing <billing.expressec@dhl.com>
Subject: New Shipment Documents-DHL950446602
Attachment: DOC.950____________.pdf.gz (contains "DOC.950____________.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1b-sW-7G_k5CLKg6-ti-DyKJ18CSNDetN

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7006/
Detection(s):
SecuriteInfo.com.CLASSIC.24445.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:11:05 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mg25pcojta73ffhe5ep5zukipsew7pasuctakik2jd2ytnx3je3q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1262d63aabec1fe6b68df348419485b7bbe4fecec2bac3cdcc4fe42b12d24d96
GuLoader
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
5c981192bf5e45d352e5abcde6fc0b57b9dc3081b34d3f1a76dcd52a0111c4fa
GuLoader
7f7f93ae7c3ce6bd7d154c2e2188bd39c7d511df8fc890e46085afc34acdba2b
GuLoader
89e54f19c04bb28c90f0ee75419a149c8178f9841435a20be727506d0c9506d3
GuLoader
8d4b6b5a3f228456841a6627f6b4fe4de260e1261e312b30b62120d5297e68c1
GuLoader
8dfca70c89e2310b9f8af5cff4ace9dc09676db2e19950afb205518c581f9627
GuLoader
8e73f4dbd13dd1cf8475bab8fae351b8a05507e429bd3b3700fca13dc764d66a
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
d894062069e0d2967a0ca5655892f29e511d37dd5de5f5dc02e7ed54f2e4fe45
GuLoader
+ 868 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4wq7drpbcx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz e1913be166290ba6f5c04ec2099d0c226ea503fc8386043fce411b050ee53f84

GuLoader

Executable exe 61b5d789c9983fb294e4e91fdcd1487c896fbc12a0a605215a48f589b6fb4937

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383146/
  
Dropped by
MD5 149d033962fffcfc851d2912035fac61
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e1913be166290ba6f5c04ec2099d0c226ea503fc8386043fce411b050ee53f84
Cape
Cape
https://www.capesandbox.com/analysis/7006/

Comments