MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a9066b12a2f166d08dbf5dbe518236571d7a9719f09673d32080287cf23d5be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a9066b12a2f166d08dbf5dbe518236571d7a9719f09673d32080287cf23d5be
SHA3-384 hash: 8f7046e048680c140737087b6e87df46bbdf8d43c36ff109a04c87e9a588edc2ed44de8d95c9f0a5d0fd023e29b72186
SHA1 hash: 00485cf237f902896dc37f94ef890bdceb7fbbb0
MD5 hash: 543d6e175d8b547bf91c7fd7856b883b
humanhash: georgia-fish-potato-east
File name:RFQ_64735EAA.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 13:18:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a7361a6ce181c696379d2bb48cb7d7f3 (2 x GuLoader)
ssdeep 3072:cPXT9jIQ6KKVdhjFD9zSO3tZtUNquV2O:cPD90QZwWkmI+2
Threatray 1'358 similar samples on MalwareBazaar
TLSH 46B37C17ED498953D0088BBD2D078DBA3F0CB91D4D004BEF7579AE9BAD312121DAB21E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Mireia Redondo <mireiaredondo@yuntong-batt.co>
Subject: TH64735EAA (OATH DENIM ANORAK)
Attachment: RFQ_64735EAA.rar (contains "RFQ_64735EAA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=10xx4qDyqe_HKOBlCnkEo0MdtsxGaxmML

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6313/
Detection(s):
Win.Malware.Generic-7998112-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:38 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nkignmjkf4lg2cg36xn6kgbdmvy5pklrt4ewopjsbabiptzd2w7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be
GuLoader
345ed143bf3a28f74de72fa62a271a67fb28ae04e6ca0fefa8eb09c7782dc3e6
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
474fdc334d61a837436e2979eebb789db0263ef26cf4bc00b5936823246a0b78
GuLoader
65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
82e103d51a6261e2e40f59c1d4c3ba819eb02910acb85a76e0de1e739e77433e
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
b8a70285a4c92a2f629bcb9f0beafccf5ac73e934e28401b970ad4ca6d8bc60b
GuLoader
e874283490ec44e6cad0729867ee2441d0eb80d76b615455babebc7f5d4ec452
GuLoader
+ 1'348 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4f9kevb7z6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660

GuLoader

Executable exe 6a9066b12a2f166d08dbf5dbe518236571d7a9719f09673d32080287cf23d5be

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376181/
  
Dropped by
MD5 417c2c4c06e57d001bfcca9baf63cc48
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660
Cape
Cape
https://www.capesandbox.com/analysis/6313/

Comments