MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
SHA3-384 hash: c4e257408f96fc7253c1cd020859ebe5cef7c658357fc1177f755df4670307b64ed215ae8f5d3a853b275e08d07cdf7c
SHA1 hash: dff3a1011c95e2b13b9d4965a02f278b85b82eaf
MD5 hash: 28b3056eba6eeb7c37a93a1847e0e5fe
humanhash: red-papa-fix-carbon
File name:applicationpdf 8810422.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-08-05 08:04:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 36900aeeff9d104cad7680bd0ff14bc4 (2 x GuLoader)
ssdeep 768:YLj7G+8W9I5hHQ2z+swYN3wDIUbSsv4oO07uSj:YLXGa9ClLz+swYNTU+e57uS
Threatray 2'268 similar samples on MalwareBazaar
TLSH 86835B02B2C4E632F366C9B81B7151F30A7ABD301A16DE0774583F573B76E4A99A0327
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.44.186
From: PROCUREMENT <akhai.cyber@gmail.com>
Reply-To: widodo.seltechutama@gmail.com
Subject: RFQ: ORDER #097224
Attachment: applicationpdf 8810422.zip (contains "applicationpdf 8810422.exe")

GuLoader payload URL:
http://anakleather.ir/ebukaaa_ByMaIrHe60.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/39155/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43597330.21151.22022.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/410486
Signature
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Tries to detect Any.run
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 01:25:23 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rwemth7th3f62qxedbnzex4jbjqwvibqpjkz2ykzlk3h3ltkdieq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
010178bde9e8366d4f93c28ab8a65a7acb802353f9370de9a807ed621fa3d24d
GuLoader
23f8a240f24779895ffce4e489da04e8cc2c705b2311e13a44432a6ef1b1b430
GuLoader
2786efe3773e80f8c604fcc48b4f24911d86c7d5b1df5d19c4e17b1002255e64
GuLoader
72cba3fc465152c8ca9ddf2de472974ad26c0881ba3b85735358381c862cb3a9
GuLoader
7ba1021aa7ca0d20da2e205ff413a3153f4f3bb444a8a2bdfc0d97d3348b84be
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
a077d38903221c844f9f20a8c6e022a3242445b85faa55e8e650b7a727e048ae
GuLoader
ceaa099f2a2de97a363ef5f7cd4e42fc5f362113a470db75d69848e24a52b14c
GuLoader
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
GuLoader
e7e511b27ab7c95f959c45346cc2e4d79251e238e8e57df181be987036bfcdf5
GuLoader
+ 2'258 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200805-l7wgsache2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip a69361df12b114cfaba615dbd846f54551deafa5d13e7f3bc76304b22ec6356d

GuLoader

Executable exe 8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/424597/
  
Dropped by
MD5 4194df0c054517eeb3041d0dc3c49fe6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/39155/
  
Dropped by
SHA256 a69361df12b114cfaba615dbd846f54551deafa5d13e7f3bc76304b22ec6356d

Comments