MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
SHA3-384 hash: de7904c0c658343c4ae1318eaa3ed9207ed42f208f55db4a55700b9d24906c44f3daf95493100602edc3dc53e055c146
SHA1 hash: 6bed81c2f381e93807853f4fb57ad429830c6ab3
MD5 hash: 39cb042e5fe6e80bf39903e86e0d5d94
humanhash: kitten-green-delaware-paris
File name:Glosebogshadowg.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-06-10 06:50:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 24417b76997b2633b8a5e02d24032f51 (2 x GuLoader)
ssdeep 768:AxA7ZueGUZwr37VfpBDT2hR+jfb7K20UOkrLI+J/IQK/e:AxUueG/37ZwszTPxI9e
Threatray 903 similar samples on MalwareBazaar
TLSH C5533C2BBFE49932D96683B62A714BD44D76FD350198CB032D0BA65C7533AC99C2C30B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Nikolas Leon <nikoleon@yuntong-batt.co>
Subject: RE: RE: 7928/PO/GEN/JUNE 2020
Attachment: Glosebogshadowg.rar (contains "Glosebogshadowg.exe")

GuLoader payload URL:
http://111.90.148.217/evaaaa_KaOelOMF53.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7466/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 01:06:52 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pbgzyegrbamqvhqywpkxkzaeuptd7vzivpleqis4xp4ayt3y7z3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
118dd258630c48b0beacd8b4c04c9c9cd3b9f698b660b6a904b1dfc033e00cd1
GuLoader
291ab03f4f24972f2c8d777dd0a76bf603153a6457947f6eac0d8dcfac95e426
GuLoader
474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f
GuLoader
994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b5961f407c0afef04c9406ba17cbae3fe4cc575b47e50081abbda0d96f9c0f18
GuLoader
c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
GuLoader
e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5
GuLoader
f369e30fd81082121a647df35059bef5bec1195fb240ca1b622ebcce75a4bacb
GuLoader
f4c0aeafea6dea460b8dd8561ce5ccf973c43dae4b306fe05b63bcf09e9d6db5
GuLoader
+ 893 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-l3f9q4fsj2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 641c5ad07a169032f6971f9c3302bc4aa6eac15fd6942cdcf3d42803cf7de85b

GuLoader

Executable exe 784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385266/
  
Dropped by
MD5 ef6b01e9a365224554a12b505ecffa6b
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7466/
  
Dropped by
SHA256 641c5ad07a169032f6971f9c3302bc4aa6eac15fd6942cdcf3d42803cf7de85b

Comments