MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bd042a9cba68f9d2fb8805abf49ffc0dc989e05df78876059f671fcfd759661. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8bd042a9cba68f9d2fb8805abf49ffc0dc989e05df78876059f671fcfd759661
SHA3-384 hash: 4395f529eed62cdb5123c7cfca0997bdc8ca870f4189b78f1c3d5b5fbb1ad11bb53670df2f2b2b2db0af4813d3ac48b5
SHA1 hash: 250b6d45ad6d99bf86c7eaaf734650fa976406c9
MD5 hash: 0265413092850afa24505c4e454d11ea
humanhash: south-mars-november-high
File name:MIDDLE EAST PROJECT- RFQ9736img.com
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2020-06-10 11:40:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7f174a726307bad94f3cbcf69e72ed03 (8 x GuLoader)
ssdeep 1536:Y17O+rTWeBrhYrN5/qEr5ljKX1vjkwgxmn5ioVM63XX9:6TWkYvqE7ivA85ioVM63XX9
Threatray 607 similar samples on MalwareBazaar
TLSH 37636D2265F0ED76DF736AF22EB092685997B83204C1892765143B2E363EC4AF771347
Reporter abuse_ch
Tags:com GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: alibinali.com
Sending IP: 45.153.241.193
From: mehdi rebaii <Mehdi.Rebaii@alibinali.com>
Subject: RE: MIDDLE EAST PROJECT- RFQ
Attachment: MIDDLE EAST PROJECT- RFQ9736.IMG (contains "MIDDLE EAST PROJECT- RFQ9736img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=6196314C52185EFC&resid=6196314C52185EFC%21106&authkey=APE4rX1hRtMrxXE

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7528/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:42:09 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rpiefkolu2hz2l5yqbnl6sp7ydojrhqf354ioycz6zy7z7lvszqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a46d6c287851041f7a352051cadd95de3379b8878191c925f7d423a475936e6
GuLoader
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
GuLoader
3c6d1adb8c659c6608e4fa44fe880adb352bd9e8491430b4f559604fd412e181
GuLoader
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
GuLoader
504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
GuLoader
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
GuLoader
7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184
GuLoader
a5bd1ac8e6458e40e63cf558145dbd06cc2700d97f9ed3ae5a161b165ca6c035
GuLoader
c58594d414c882ce33499233c2f508789e5fa4d91b79ef01d763012e39d7b095
GuLoader
da19555286a99fed6a4a84c0c4b76e793618299f6d4cc2fe31373ddc033d8dcc
GuLoader
+ 597 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bp26hkaqmj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 6fc0fb0beee86b750a454c80b57d9788f05e3caa6ea3b99982521cad970e81dc

GuLoader

Executable exe 8bd042a9cba68f9d2fb8805abf49ffc0dc989e05df78876059f671fcfd759661

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385303/
  
Dropped by
MD5 e0176eec1f462f241256023582cff4eb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6fc0fb0beee86b750a454c80b57d9788f05e3caa6ea3b99982521cad970e81dc
Cape
Cape
https://www.capesandbox.com/analysis/7528/

Comments