MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
SHA3-384 hash: 636cd0831947ce9672212943d9042a5e58c166ac9441540d1351b11f3c3bc5c3c1b3dafa2326ea0a2f1c124b1faeaecf
SHA1 hash: 6f93694dd673a676f736403ca67c16f6d661e00e
MD5 hash: 6084c46676317cf07f9d34cd977079dc
humanhash: gee-mirror-football-bakerloo
File name:WJ1_quote.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:05:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba0df9af0db9d8fee9e796b7349a0407 (1 x GuLoader)
ssdeep 1536:xSPfxV40CH9htU7kgrKHxLdGKc+o0FDHdZ1gIpu3aEky3FWySUF906:EPXCtaKVdhjFD9zo4AF90
Threatray 1'050 similar samples on MalwareBazaar
TLSH F1B38B03EC4D8913C1544BBD3D139EBA3A0DB91D0D405BEF7479AE9BAD316822CA711E
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 한석 이엔지 <samsungfe@daum.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: 6-2-2020.iso (contains "WJ1_quote.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/wj1_KJhrVPL18.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6280/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 07:21:59 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=puiqut3pebvv7nexiikqxw6x77cdwknfwl5deqso6mvkedcgs34a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be
GuLoader
335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
77b78883671d865b91db205f68f7e5e69c9ad68687f8696f390a9b4b1449090c
GuLoader
87f0608e17f3f39e988ac186a431366e1de35968b89943a03f6681e23ab5b684
GuLoader
883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
d571629d266c5354146cdfe698d79c88c33e598aa6c8d9a0587662c6b5421ed2
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 1'040 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-p3gvdr2pve/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 56632f2c120bc24b375aaae05e07b2b3bf2c589de8fbb32cb1cf0e482dd19ddb

GuLoader

Executable exe 7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374158/
  
Dropped by
MD5 e54ed398188201a00791e53ba8b87bcb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 56632f2c120bc24b375aaae05e07b2b3bf2c589de8fbb32cb1cf0e482dd19ddb
Cape
Cape
https://www.capesandbox.com/analysis/6280/

Comments