MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85c90523ee7cf832993784c6a6b0c6aef6f42ed71d670cef3b11e1673708d8a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85c90523ee7cf832993784c6a6b0c6aef6f42ed71d670cef3b11e1673708d8a3
SHA3-384 hash: f4285f22286117e323a7375ca656a0f1cf82656d7f5d1e63d5dbf1b2c2589a304bc887ba4790e3e7d02182d71b114630
SHA1 hash: 98a8f0abe4a43c4f0091103033bd2c8eb8d4d8af
MD5 hash: f41f44473b0b4b1a2eafc989efd33c79
humanhash: delta-montana-illinois-uranus
File name:New Purchase Order file 93373Img.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-04 15:55:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4026f729103b812aae1671acd7a78eea (6 x GuLoader)
ssdeep 1536:7oMrgz7zyCsIvGMD1MwgtxJjDinL+ap/AEfgd0VESjPK65V3gedfrOU+EK:trg/GSD1M3unLzId0OSbK65VwedCFEK
Threatray 583 similar samples on MalwareBazaar
TLSH C7937D625BF6AE31EE36CBB107F45154903BA83634CE4D0B15F929386F36A48B4B2753
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Titus S Kemp <procurement officer@ctc-group.com>
Subject: RE: Urgent Request Quotation CTC Group Global For HTR 864
Attachment: New Purchase Order file 93373.IMG (contains "New Purchase Order file 93373Img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=F53D70ACEFBCDE31&resid=F53D70ACEFBCDE31%21106&authkey=AFDBdxoeAHd_RRw

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6579/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 15:02:12 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qxeqki7opt4dfgjxqtdknmggv33pilwxdvtqz3z3chqwonyi3crq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
211abb81c05810e3f08608a7035e8c4c3337de419e63257b4c3e4a1d2669aec5
GuLoader
2303d08c9c8f35e63306c76d1c12aa08f963082214151638bf9d2390b43c14d3
GuLoader
442da6cd292d000d3fef72ddafe270e3be432ecfc4852933efa12ab4c24748f7
GuLoader
77b2ce43a1a7363d6c90b9b11fc05220511a868f4f8ca72cd6cbe3219f79fbdd
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558
GuLoader
de5da2008e231c60a227d6700248953651e0242542f07027e400760283b91d42
GuLoader
f0713862b4e2fada33840fadf5ef495327be65c8a35f9428d8e365363a9eb44a
GuLoader
f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
GuLoader
+ 573 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-19qq7xegle/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img ef388fc1b970e5156fc79d69a69fdcae110624ae37e5ee90eb9814798189cd91

GuLoader

Executable exe 85c90523ee7cf832993784c6a6b0c6aef6f42ed71d670cef3b11e1673708d8a3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/379325/
  
Dropped by
MD5 677b18af479ddbf2786204b7cd7b838e
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ef388fc1b970e5156fc79d69a69fdcae110624ae37e5ee90eb9814798189cd91
Cape
Cape
https://www.capesandbox.com/analysis/6579/

Comments