MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8108b6460ecdf23ee9c1bb800dc330b657fa8481b5f95c8aaa3ccff9ee10d4c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8108b6460ecdf23ee9c1bb800dc330b657fa8481b5f95c8aaa3ccff9ee10d4c4
SHA3-384 hash: 3b1f49c267fe5b20b677d3ca9cc28b7e396e9fe64f338d2816f979c677b2d23bb8ebf4fd08b0da473792255bfbdc3bc1
SHA1 hash: bda67c7e3aa2a3d2d5ecccaa8381270242f29c1a
MD5 hash: ed6151b1fc63d0bdbebd91ee1094386f
humanhash: lamp-hawaii-delta-foxtrot
File name:Quotation_76873342_98045300.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:19:57 UTC
Last seen:2020-06-08 10:22:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c5a75d8004581aa023b2a770e38c1fab (1 x GuLoader)
ssdeep 768:yFysfNpuRnnPilTjATMSRg6svcEhYI366dfZDPHuQpTkRXQJtEWx4Be3KOt/Wr0n:yFysFY6TjMjRg1l1PHbp0goKKYWF
Threatray 850 similar samples on MalwareBazaar
TLSH 2D73AF03BC08D652F40187B26D938A9623066E396D01BD977B996FEFEC305826DE532D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: Info<info@gmail.com>
Reply-To: snice7312@gmail.com
Subject: RE:Quotation_76873342_98045300
Attachment: Quotation_76873342_98045300.rar (contains "Quotation_76873342_98045300.exe")

GuLoader payload URL:
http://simayesarbedar.ir/CHUCKS%20LOGGER_TxYyY251.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6960/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.4867.11550.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:20:07 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qeelmrqozxzd52obxoaa3qzqwzl7vbebwx4vzcvkhth7t3qq2tca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
23cfbb0bf1e110a79678f45c29897e6090b660d3df420bbb916fc3f1bc12eead
GuLoader
268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e
GuLoader
352837f7f48c65bab461ad1a4b907226f08604cf13390f8e187daf08e0da7aa5
GuLoader
6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6
GuLoader
6715e87f7070a2d7b5b2c71e98a7bade689a504aed3b95654af3494248a501d4
GuLoader
75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e
GuLoader
fc83deb95f3429cec6679ff8d3ebdcc3ef8cf4944bf0b83dd4d84e5f664b000b
GuLoader
+ 840 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-amstmt4b6j/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar be54c119fb6d4aa9f9e413aaba88061c9ae39029ebda0395f1fe06e87e805132

GuLoader

Executable exe 8108b6460ecdf23ee9c1bb800dc330b657fa8481b5f95c8aaa3ccff9ee10d4c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383093/
  
Dropped by
MD5 f328276a105178e55acd896aaffe9d42
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 be54c119fb6d4aa9f9e413aaba88061c9ae39029ebda0395f1fe06e87e805132
Cape
Cape
https://www.capesandbox.com/analysis/6960/

Comments