MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e
SHA3-384 hash: 34c44ed253de10661461b0e25610fae244c9456e1859e6d7785b259a3c21fade8f668e45c029bd067770b0e38deba6c5
SHA1 hash: 157d220b0d0628429918a0323f9ec99054f68ea9
MD5 hash: 0d4cb6d7ae2a6564c3783ca0e08ef2ea
humanhash: chicken-don-alpha-red
File name:LABILISE.EXE
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-07-30 15:30:35 UTC
Last seen:2020-07-30 16:37:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 54ea36b09be703f7b57f8256900a0654 (1 x GuLoader)
ssdeep 768:zpJloYuHgnXgOGlsZofu/qY2iQ8kCydDb:zblorQwO0sZofuSF8ixb
Threatray 361 similar samples on MalwareBazaar
TLSH F0834C02A5E4D972F755C6F22B366BF700BB6D311C01CB0BA6543E2E2F76A16D52032B
Reporter theDark3d
Tags:exe GuLoader Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
167
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/35620/
Detection(s):
SecuriteInfo.com.generic.ml.12291.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Threat name:
GuLoader Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/404156
Signature
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected GuLoader
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-07-30 15:32:06 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oc52jej25ehqix2l4ubkrtg2peipiusilxdtmvsi4btfeywlsmpa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1dfc1867ced521cbf61f7bbe647e8a6e5bdd3a05e22c05dcee20660e236d5812
GuLoader
1e04c1e4eefe23f454553364e757209462f2561d8455628b296b1dbe83fc6ec2
GuLoader
65bdf218a95af52100c20e6f146a7acf16aa0ed0a34ddc7f4a68c66554b648da
GuLoader
8cb14b0233584540a257d1189f2fc36f44c34847778476d1be5bd6441353a7d1
GuLoader
a1b4f5843ab2c3a907909d3ec02b489e6703c8d78a8ac15ea47d52c36a77f4d3
GuLoader
a84cf81fa2d7790ea8f5d59354fa47d2067a12c89c2d975ee2f3b9547765be1e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
GuLoader
d2bb06dc3882c72e26ed7598fee37d128955c229246225ed393d90bd2a4eb1dd
GuLoader
eb5b36b887116b5aa12cb5609d9d2e132829e325b2c3e16133299696460a0e92
GuLoader
+ 351 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200730-wxxtzhtxmj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/70bba4913ae90f045f4be502a8ccda7910f452485dc7365648e0665262cb931e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35620/

Comments