MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
SHA3-384 hash: ed4bae8c43023fbb2c42471a840141f95e556d6f4f9ee707112467aa6267b59366ab52d5387479aceeec24d33c0c8187
SHA1 hash: 29d18aefe84ab9a778573ba6d37bc543a445944b
MD5 hash: aa0ae8cfe23b564b13a55439472407d7
humanhash: spring-fourteen-stairway-october
File name:TROMPETER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:65'536 bytes
First seen:2020-05-26 07:52:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash feaa4225deee18a17e72864b60b0b3f8 (5 x GuLoader)
ssdeep 768:PAcPQYdIBHJ/2pkVKBtHDCCbMu3SwbRsA8Rxau1an7DbqmE6lG:PA0QY6zuhDCCYCSwbRsAkDsn7D2mE+G
Threatray 1'014 similar samples on MalwareBazaar
TLSH 34533A52B3E8D977DA9587B21E309BD840ABBC311A56CE0BB9553E5F2E31F01C86134B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Gadi Lukman <gadilukman22@yuntong-batt.co>
Subject: Re: New order Dongwoo #28487 - May 2020
Attachment: TROMPETER.rar (contains "TROMPETER.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1PAXpZcJjSN5zRbYJNRODFsWD9WEp85aM

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5650/
Detection(s):
SecuriteInfo.com.Generic.HEUR.QVM03.0.7922.Malware.Gen.663.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:36:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028
GuLoader
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
60ccdec92b23413b1b5391cb9923931e5b151f0f5877f1f90d730f0fede5f365
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
GuLoader
ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
GuLoader
c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
ded1a64ebd165901f2a790ab8d7fd0aa3ae2f97738868d2d1add45e033efe738
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
+ 1'004 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bx9l13l486/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 2401f59643ff63464f8d859ff27434a4a2cdd5d74f371f2fcbb51c57e701eac5

GuLoader

Executable exe 7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368706/
  
Dropped by
MD5 f90c9ab47921e48deda529264a2cfe3a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2401f59643ff63464f8d859ff27434a4a2cdd5d74f371f2fcbb51c57e701eac5
Cape
Cape
https://www.capesandbox.com/analysis/5650/

Comments