MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d3cb63259a52aa1c69dc8fbe9145dd5e812de1675ba87d31de40f0efaab0574. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d3cb63259a52aa1c69dc8fbe9145dd5e812de1675ba87d31de40f0efaab0574
SHA3-384 hash: f87a97059c7b62cd946c5464cec901944f342b7fb2ca18ebfb37d24e960c5ae78481488762d5294c96f0c798efa93523
SHA1 hash: 140e87131e8065e1569f554020e2e965d67c34b4
MD5 hash: cd775cd617a02018dd12fbd640876fd4
humanhash: potato-butter-oven-table
File name:RFQ new-9089997878897897897.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2020-06-10 12:36:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7f174a726307bad94f3cbcf69e72ed03 (8 x GuLoader)
ssdeep 1536:BY7OdB0dRvV6V1D97M/bLBOPY6U4jDvWtxP/FuypsgGv:RGdtVw1D9g//BOw4jjKFuypsgGv
Threatray 1'011 similar samples on MalwareBazaar
TLSH A1633A137761ED71D77547F21EB0C3A840ABA87205C68903B9143B1E363AD8AF67635B
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Petra Hristeva <admin@apexservice.net>
Subject: PURCHASE ORDER 156921
Attachment: RFQ new-9089997878897897897.img (contains "RFQ new-9089997878897897897.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=7519DDD110DD4266&resid=7519DDD110DD4266%21106&authkey=AH5SgECIOnurKec

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7549/
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34128.em0@a0BAY0jG.23831.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:38:07 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pu6lmmszuuvkdru5zd56sfc52xubfxqwow5ipuy54qhq56vlav2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
4e6444baf61bba9f9ef1747aeb3ebc31151769e0666b8259d342ed2008e73844
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d
GuLoader
95e35f1614df92a318a749a8f62a35b9c03f2f34f08ad5606b45c9d817ff1d93
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 1'001 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-plkzm24jbx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img abeb5a960205918bcafaef529d088250c66f957e3cdfc40f6cbf8c644131bbf7

GuLoader

Executable exe 7d3cb63259a52aa1c69dc8fbe9145dd5e812de1675ba87d31de40f0efaab0574

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385297/
  
Dropped by
MD5 7cf34777a9c590d01aa2bbc70de9ec33
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 abeb5a960205918bcafaef529d088250c66f957e3cdfc40f6cbf8c644131bbf7
Cape
Cape
https://www.capesandbox.com/analysis/7549/

Comments