MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8606768cb758ba8379659f65220250ebc1c491dabd668e7f98663571419cadf2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8606768cb758ba8379659f65220250ebc1c491dabd668e7f98663571419cadf2
SHA3-384 hash: 3a59c4c9c254a7be2f0f60d300605a9e51a3ed9c11940c0859faa59c4ef3992c2f32c9c358bce189b553b43319e53001
SHA1 hash: 393b80034df7c9d7c1bbe853735226d81573c4e6
MD5 hash: 2dc4b40f6225f16e18f09a20e88b5e81
humanhash: paris-louisiana-indigo-east
File name:GB20200602.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:26:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d968760341e9f695072dbeef0ebf30b3 (1 x GuLoader)
ssdeep 1536:aQFO8lLm14r+gU/BswcKlmLzwKQwOVEL41SyuLZX3:+u+gU/GEl4zwPp1Sz3
Threatray 5'097 similar samples on MalwareBazaar
TLSH 6E9308037AD54611F1B24A712EBB82996F29FC1A4D429A0F354D1E4B7B317A29C6C33F
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: linux1.hiya.digital
Sending IP: 72.52.131.205
From: Yeong <rafal.gasior@astoria.pl>
Subject: PO162510--컴텍_매수_주문
Attachment: GB20200602.cab (contains "GB20200602.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/gambo_FguXrzR169.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6122/
Detection(s):
Win.Dropper.Nanocore-7995244-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 07:38:16 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qydhndfxlc5ig6lft5sseasq5pa4jeo2xvti474ymy2xcqm4vxza._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2151298323c73bf6173dc2887e1f50d78d493d3029f3da3b525e48f3aeea5e47
GuLoader
64379371f079edd1bb0d1a26a98e0a487c4e89a468f60674d803f929d24d3ecb
GuLoader
6f4b543bdd425e2cb35fcc06f79dfac486985ae0d84133c34e0fd01b3a2c22bb
GuLoader
8c57c150d120c496a04aaad020b5458e8eff5f3fd69704a581360c785288c8d0
GuLoader
9b727d12d8d7a5568f0e1e4aa4d5e50365e7de1a213f672c68db74aae0f68246
GuLoader
a0c33533f61ee5c6065bf97a8e821512778417f2d51b205637af5324a68aa162
GuLoader
b189f4b81e32c2be2c252d6f6ba160bf8566aa74be9642af4af5e3b424be54ca
GuLoader
b43bca6dcc03b6c289b15fd6dde4bde2dee13d024f08b0ca47efefc9d9aa3d8c
GuLoader
bb7d7db00c98fc9b833c3da4a614e726380c6d0a8d5fe45e12ec4209ddf85806
GuLoader
ce6d1fc239eb571fde9427c0d7f11d7b6a7a1c0466711524b690ca0de3556a6b
GuLoader
+ 5'087 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ldcnsnme3e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

cab 8893982594dbace5d7a77b82bd54f68ed2f282c09e830aef91c78f6b98f5011d

GuLoader

Executable exe 8606768cb758ba8379659f65220250ebc1c491dabd668e7f98663571419cadf2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374149/
  
Dropped by
MD5 7cc50904257dfdf2ed21cf674768c818
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6122/
  
Dropped by
SHA256 8893982594dbace5d7a77b82bd54f68ed2f282c09e830aef91c78f6b98f5011d

Comments