MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ce05a475d373e53e20a6e354cb258a121f737cb8b37192b0567f958b2dce822. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8ce05a475d373e53e20a6e354cb258a121f737cb8b37192b0567f958b2dce822
SHA3-384 hash:	1187b22cc11eb8f37d8206e04dd5f38a8d8a66aef5409a5c707ef5e93efbb353796a8aa6bdc79cefd8a42902904e2bce
SHA1 hash:	368b9dea1194dc8a598c15a19f113bb833a5d916
MD5 hash:	2e5cf8c9ff6fd4b68a998e3718083609
humanhash:	lamp-purple-one-island
File name:	specified items for order.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	86'016 bytes
First seen:	2020-08-13 06:48:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3a76bdd1222e15fafbaf2df8f91dbe69 (1 x GuLoader)
ssdeep	768:tMGQkoknEtyrpfJ6DqLLnn1FppF4kjWgZ/UVRpXu2iXCPaQHnBirdBnF9YkkU7N1:KnkoLyrhqet4zy/UVnHiyuxBNOv
Threatray	17 similar samples on MalwareBazaar
TLSH	03834B10A898E972F729C5B91A3413F3A0BABC3015465F0BBC193E5A7B76E4BD65130B
Reporter	abuse_ch
Tags:	exe GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: sabisl-bd.com
Sending IP: 156.96.44.186
From: SAB INDUSTRIAL SOURCES LIMITED<sales-support@sabisl-bd.com>
Reply-To: steviebmbb@gmail.com
Subject: Specification Inquiry Request / Provisional Order
Attachment: specified items for order.zip (contains "specified items for order.exe")

GuLoader payload URL:
http://ezvizlife.lv/wp-includes/ID3/bin_HwDEDU10.bin

Intelligence

File Origin

# of uploads :

# of downloads :

147

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/44886/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/425248

Signature

Initial sample is a PE file and has a suspicious name

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Yara detected VB6 Downloader Generic

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8ce05a475d373e53e20a6e354cb258a121f737cb8b37192b0567f958b2dce822/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-08-13 01:41:26 UTC

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=rtqfur25g47fhyqkny2uzmsyueq7on6lrm3rskyfm74vrmw45ara._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200813-cdfkxgng52/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.10

Link:

https://yomi.yoroi.company/submissions/8ce05a475d373e53e20a6e354cb258a121f737cb8b37192b0567f958b2dce822

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip dbcb863c6ff9e121d295b9aaa03de85655e0e7d4bd51105bf6471cde554cffac

GuLoader

exe 8ce05a475d373e53e20a6e354cb258a121f737cb8b37192b0567f958b2dce822

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/431585/

Dropped by

MD5 c9299dcf6dc1dc6aed91f592cbd684fc

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/44886/

Dropped by

SHA256 dbcb863c6ff9e121d295b9aaa03de85655e0e7d4bd51105bf6471cde554cffac

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample