MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d37b86ad0cb4b99038a10d6f95febfd7d1e096ab7ba28c6c02ada2b128873bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d37b86ad0cb4b99038a10d6f95febfd7d1e096ab7ba28c6c02ada2b128873bf
SHA3-384 hash: 597c648f962bb416eb51da92dda0ffee684a2f1de6d662669a7fb66f4120b4a370bebe95821c622f2c7930a892f9198e
SHA1 hash: d9139f0a68a603966f7d4ed0a33285859e933f56
MD5 hash: b09a59e78ecfd9d3d6cb69ae55296b5b
humanhash: fruit-zulu-twenty-fourteen
File name:PO Attached.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-10-26 14:31:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 02d03956d3718b494e226bdaa75e0b1f (10 x GuLoader)
ssdeep 1536:I4oN+i+CWqTZ6DwQ2+B0ERRKh9EQXYO74IFI+:MkcWQZ6B2QrOhZtI+
Threatray 2'761 similar samples on MalwareBazaar
TLSH 5C930813BD5C5543E86987B47F9B4FBC2A4FBE24A4C12BDB24A20D9B3B3C5054C5E11A
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: whm.dhakacom.com
Sending IP: 202.4.96.47
From: info@bhawalresort.com
Subject: Fwd: RE: New PO
Attachment: PO Attached.gz (contains "PO Attached.exe")

GuLoader payload URL:
https://redesuperpops.com.br/kalidoc/CEE%20JAY%20ORIGIN%20FILE_IlZpJ111.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79178/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/511986
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7d37b86ad0cb4b99038a10d6f95febfd7d1e096ab7ba28c6c02ada2b128873bf/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 06:57:45 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pu33q2wqznfzsa4kcdlpsx7l7v6r4clkw65crrwaflncweuioo7q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08361399bcfd6c87b301f7dd61be86d5eedf3013608d3cd98c818435bd43a724
GuLoader
092e73bea3484930380103be58ee944d620e754cfbd579e68c1fee773a478b7e
GuLoader
44da34c94fa3c1fbc77e4d18a745b1059db381ad4e6a025a90504b2bdfa73f18
GuLoader
8a91203698a5589c1787d9fb31dbbc30ab3229a6aee56992f9186a4d4fc4ae2c
GuLoader
9d4abcc57a7136faf706c30c8d644f1ac7b38a2adcff37072a4a7c356d2b8d57
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
ad8132d2a341bf731c105eed4dea2357f5ab516c085550294593a2e41f34ebc4
GuLoader
d53bb8e4561477133b4510eda133bf0740c854c587f1e3d5a676c9db33e9f818
GuLoader
d7a99f24befa69ac2bae23e028ef9342211ed018495b34b92b9e89448532584a
GuLoader
f0b159a704857b45d6336160191150963d48aa792341b9a38834fb99881c8d31
GuLoader
+ 2'751 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201026-1db5gamdrj/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 127fc371c113ace11806523a450ac593ca259d590ce3e6219b41d6befc7e9c98

GuLoader

Executable exe 7d37b86ad0cb4b99038a10d6f95febfd7d1e096ab7ba28c6c02ada2b128873bf

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/750730/
  
Dropped by
MD5 b3fafa25a807d509de327515df024402
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/79178/
  
Dropped by
SHA256 127fc371c113ace11806523a450ac593ca259d590ce3e6219b41d6befc7e9c98

Comments