MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c
SHA3-384 hash: 82fe3ca39558023c03c76df6ae55cbfdddc45f24c8e5f729ae200b21eec806ddfd0f337670d869816a7cfcb5033cf3b4
SHA1 hash: 6ea58b533f80dfaebc72c92787aaa6c09e6b097b
MD5 hash: 3a582f868bc228bf9d477fd55c120ffd
humanhash: juliet-oven-dakota-robin
File name:SKMBT_C284e20041410330.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:10:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1cc5e4409f9ce2ba12b08f9a89c6a2f8 (8 x GuLoader)
ssdeep 1536:tSPfxV40kKjGR3pfkgrKHxLdGKc+o0FDHdZ1gI45fEIuPUJvu6sdjWH:IPXFm5KVdhjFD9zkuRdjW
Threatray 968 similar samples on MalwareBazaar
TLSH 32B38C07ED4D8543D1044BBE3D139E793A1DB80D0D045BEF7679AE9BAE316422CAB11E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: Trinity Shipping Agency (S) Pte Ltd <agency@trinityship.sg>
Subject: ETA SINGAPORE 14 JUNE 2020-QUOTATION
Attachment: SKMBT_C284e20041410330.zip (contains "SKMBT_C284e20041410330.exe")

GuLoader payload URL:
https://procrastinatings.tk/manaM.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6297/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 01:42:00 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o63yra3hdwdfxeo3ebpwr57f42ojvvugq74gs3zzbknuwfcjbega._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be
GuLoader
335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
87f0608e17f3f39e988ac186a431366e1de35968b89943a03f6681e23ab5b684
GuLoader
883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
d2e24bc0bcfa7c04b2e8a382a6ead3200ca865a771144d29d778af86559cb0ae
GuLoader
d571629d266c5354146cdfe698d79c88c33e598aa6c8d9a0587662c6b5421ed2
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 958 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-veq7tlbc4e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ded11619b4762f6b9fd74ce12b1dfe7fcc893e5df51d5d8c4921168ac381e5ba

GuLoader

Executable exe 77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376015/
  
Dropped by
MD5 26b027ed5b73b95fee0641c79dfd5165
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ded11619b4762f6b9fd74ce12b1dfe7fcc893e5df51d5d8c4921168ac381e5ba
Cape
Cape
https://www.capesandbox.com/analysis/6297/

Comments