MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
SHA3-384 hash:	fe7b2d2c17b3e2e93205d36e550c594d38c621875aa15a79959e144a5f077caf92902783c3aa9255adae5fa9faa77a93
SHA1 hash:	3ee0602a2ca05700756dabe78f8f267c8303e117
MD5 hash:	bacc14e31f4846dd087badb506da6141
humanhash:	november-seventeen-six-mike
File name:	Canzonenng8.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	69'632 bytes
First seen:	2020-06-10 17:29:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	39051f7732a7c29575cb3c32811cab5c (1 x GuLoader)
ssdeep	768:b+7JEfq4d4DdewdNesWnjZHPc5gCgi91X+0bb94yTynmxAfj1nkhlx7r8nX:b8J94d4xRdNrqtvPu7rbmDmxInkhlxG
Threatray	1'051 similar samples on MalwareBazaar
TLSH	B163292FE606C423F025623C4CA5C9942A42AC1B550F5D176D786E198A33D43BEEF6BF
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

From: "Amy Li - Account Payable Addcon Asia Ltd." <contact@bbconstruction.online>
Reply-To: "Amy Li - Account Payable Addcon Asia Ltd." <ann956844@gmail.com>
Subject: RE:Account Statement/vbspamtest.com
Attachment: SWIFT.zip (contains "Canzonenng8.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1M-ObtJKVduN5fpVgXp10StT50xuD8fzK

Intelligence

File Origin

# of uploads :

1

# of downloads :

152

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Remcos

Link:

https://www.capesandbox.com/analysis/7654/

Detection(s):

SecuriteInfo.com.Win32.Injector.EMIV.27893.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-10 14:38:18 UTC

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=nncproykthjlff4u6bensk6slacumgtoxh7el7mcqnw6wy5nw52a._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a

32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691

4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc

688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388

71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935

7f7f93ae7c3ce6bd7d154c2e2188bd39c7d511df8fc890e46085afc34acdba2b

ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231

c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef

d00ee0e6eab686424f8d383e151d22005f19adbda5b380a75669629e32fe12a6

e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5

+ 1'041 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-t9qcdlby4x/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 118b2e8ad335835fc74d58f08b18196ea3f1fd112446406814f49e9a0c30df30

exe 6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/385831/

Dropped by

MD5 67970e17260037c682c8dc35a310296f

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 118b2e8ad335835fc74d58f08b18196ea3f1fd112446406814f49e9a0c30df30

Cape

Cape

https://www.capesandbox.com/analysis/7654/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample