MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935
SHA3-384 hash: 340cf9481ef66b7e65701fe60436ccabdf52eb294763351577d2083b8b3d14af9a90788a064ece3ea92eb3d563bfc903
SHA1 hash: 6e3d8e9ab4a991a1f636ff069eb08546f8dbee60
MD5 hash: 50aef47b4ff7ce07ee964bc924b0efd2
humanhash: artist-nevada-aspen-seven
File name:XINYI ENERGY P2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-10 17:29:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba2c72414ab581e87dcee5c5d5a299bc (1 x GuLoader)
ssdeep 1536:bpB94d4xRc56tvVK4kwJ7rbbwBuGvuukaotY4Iygw:14d75cK4bXbNflayg
Threatray 915 similar samples on MalwareBazaar
TLSH 88736B1FF708E593E130463115B2859057133E1B690FAD0BAE483AAD5673A07AAF763F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: XINYI ENERGY <info@huttextechnologies.solutions>
Subject: RE:Subject:XINYI ENERGY New Enquire+S-2078603 and Acessories
Attachment: XINYI ENERGY P2.arj (contains "XINYI ENERGY P2.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=2C38C37ED8430789&resid=2C38C37ED8430789%21115&authkey=AGLzNnSx71tBe9E

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7653/
Detection(s):
SecuriteInfo.com.CLASSIC.30885.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 17:30:16 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oecc2hbtzne76ph6pfawjf5yfopvrj7dc6o2jipfzyhjuvjufe2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
150399bdd91521ff244c8c83aa0ebede3560304bcd38a0fd21a189fa34b605da
GuLoader
150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a
GuLoader
1faaeabc23e415ec50a9fb89feaf02f6571f9c29cc086dd465e464c6f62fab73
GuLoader
4fa18cee955bc3a264f0b07c5b23f1d4584bc8bf3506ee2a3a55db73dd79f4cc
GuLoader
6b44f8bb0a99d2b29794f048d92bd25805461a6eb9fe45fd82836deb63adb774
GuLoader
72eb2dc730e3574dcb204d37fcfb35cf91bacd8087d6028d743cb0992c874244
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
8916a2ccfa61771ecb3ace5da83e029f1ba683f36016fafc50922c9a5615b625
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
+ 905 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hl3ygpgj2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj bc02ab76fdd71c94a6ab6e11b8d568c94fce0888cebfff2e151ecbc29ba5b31b

GuLoader

Executable exe 71042d1c33cb49ff3cfe79416497b82b9f58a7e3179da4a1e5ce0e9a55342935

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385832/
  
Dropped by
MD5 4a689aca594442579079cf41b5c33667
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 bc02ab76fdd71c94a6ab6e11b8d568c94fce0888cebfff2e151ecbc29ba5b31b
Cape
Cape
https://www.capesandbox.com/analysis/7653/

Comments