MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8556575140ee35421e573d86cf9e34e1062e3e6718e7c7b0059de1502b6d6d61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8556575140ee35421e573d86cf9e34e1062e3e6718e7c7b0059de1502b6d6d61
SHA3-384 hash: d4478fd1092f15860ea98ff8337718fdef69d5039401176dc428b1719aa94048eb58c4a1c7eef5bc1cf9e52c3dafe328
SHA1 hash: b5d41ce6ede25c769126a95647d909b492a688c0
MD5 hash: 005eb0c24aad00338e5003fb791b6bea
humanhash: aspen-lamp-wolfram-india
File name:ORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:55'032 bytes
First seen:2020-05-26 07:20:22 UTC
Last seen:2020-05-26 08:15:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash add9bcaf3c1c39e56d094d84d7af53ca (1 x GuLoader)
ssdeep 768:2/R6jvjUzMJbL41nCSXj0JTqPY9IHok6VAmLCg65aTC:OgjLGMe0Szw2zHAgF
Threatray 5'123 similar samples on MalwareBazaar
TLSH 8B3309E1F1F0503BD273EE709E72C2D8017B7DBC6A09945B1B5474CA067DA04EA6972B
Reporter abuse_ch
Tags:exe GuLoader

Code Signing Certificate

Organisation:Bandisemih
Issuer:Bandisemih
Algorithm:sha256WithRSAEncryption
Valid from:May 25 16:26:15 2020 GMT
Valid to:May 25 16:26:15 2021 GMT
Serial number: 00
Intelligence: 325 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: B6C20CA5ADA953FB1BE455FBB76F68AB709A0C26A411494CD1A317F053961FDB
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.huclangia.tk
Sending IP: 64.52.175.227
From: Paul Runyan <slim@huclangia.tk>
Subject: URGENT REQUEST FOR QUOTE
Attachment: URGENT REQUEST FOR QUOTE.IMG (contains "ORDER.exe")

GuLoader payload URL:
http://37.72.175.206/bin_JNPcC154.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5600/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43223325.26075.7040.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 20:16:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1de9da3a2c6effe9e9eae16a0d70fc19c633e479073f308a666665b0628e866b
GuLoader
47f80b494b4feb2ae4e346836ebe6e4b1b8137e7c20ff4668c020e35e4f45000
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
845f37af5c185070659d6a1567091c612a7f4363bbf0e93192f099967d6d8cc2
GuLoader
91ccab55a241292f119e41c55467b08fd4fdade44fe0f9a36b5ad66848491c46
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
c0e1210ec3e11a5d71cdbf2edfb199539f891a1bdb27ccd97eaf0fb70891c615
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7
GuLoader
+ 5'113 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-axyplessd6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img c8d4b9824bc3eb42414f395e49992055d69c63741b9a4b4579de378f5e41842f

GuLoader

Executable exe 8556575140ee35421e573d86cf9e34e1062e3e6718e7c7b0059de1502b6d6d61

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368679/
  
Dropped by
MD5 cadcaa669c870f27c1d5a0b52102c366
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c8d4b9824bc3eb42414f395e49992055d69c63741b9a4b4579de378f5e41842f
Cape
Cape
https://www.capesandbox.com/analysis/5600/

Comments