MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c
SHA3-384 hash: 254b890103de678dbce4a26e0c3078248693a1221fda84bf9b66ec50784d3e4219fc010750d42e124f1f2f2adc71a56f
SHA1 hash: 6582f3986d57e3ff41dd540fbd429f297f9c707e
MD5 hash: ebcb6281620086f4f9986d042294390d
humanhash: idaho-jersey-spaghetti-magazine
File name:ETD 15-09-2020 (MV.HYUNDAI SUPREME V. 102N_PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-10-02 09:12:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 70c5ac15467531a0143652a7ecf8e117 (1 x GuLoader)
ssdeep 384:wYxM6Jo8yEdV1bpyNkXU8Z7t3Kl6mEZk/Aztm8mKtKnsg8TjGWGEOvM:1Xy8yEdV1bpyNkXD39ko5mpnb8GGOv
Threatray 2'244 similar samples on MalwareBazaar
TLSH 4C53FA63E2306C91EE8A47F256714ABD40676E721C608F07BE5A7A1C1C775E07CB9F12
Reporter FORMALITYDE
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
158
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/67694/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Fareit.kt.5905.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/480087
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected Lokibot
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-02 02:40:46 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nwutq6yvwyiflh6mym6il7bsrzlarg3tk2kspawqzx2jvgeyibga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
4320e2bf2bc6115ae79a52777bdd9aef62db691a756640f9c7fa6e8372e46193
GuLoader
46ea1705549840fd45e067930511c81a0b8979698f98e4b170b9a93b27a6ed0a
GuLoader
541c870536f63dd8b9eb7406fec6031505c59f5c21c8a6f581e5b29349a4a92b
GuLoader
54d3e50350cb0e6e43cae0d762829aeab02a389142d24d5c8d71c413e1d77842
GuLoader
6964c8791bbf63ce0cf1dac7e62486fd3398d16c72774904fd3a7ca4f3957fff
GuLoader
7f58301039be3f4696a431ebe72d76fce3df1e83d6ee1265bdcb27e0e45d63ab
GuLoader
a0a84ef378c8199a1b4511396d185b39d2dca86ffc608144f9d12f61d7d48cfd
GuLoader
a9e51c077a3cb18a4fbb72e9a01bdbbeac7f78da7eb0462a6c191f5956ae83a1
GuLoader
f13e6a63744c56a4815ebc9421b869c5a30a539a4053a6bf057f98cf79c06ed5
GuLoader
fff764b24ed5c9f8116b1028a39721c6c3098e0153ed368283d3f4ad4539247b
GuLoader
+ 2'234 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201002-z6wfwe9g6j/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c
MD5 hash:
ebcb6281620086f4f9986d042294390d
SHA1 hash:
6582f3986d57e3ff41dd540fbd429f297f9c707e
Link:
https://www.unpac.me/results/74addf82-d5a0-4f84-bc8f-cd95616ec23f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 6da9387b15b610559fccc33c85fc328e56089b7356952782d0cdf49a9898404c

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/67694/

Comments