MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da
SHA3-384 hash: ffd3f8673f5e4be3f9d1b79ac2078bc1f0404b90d02dfd162699f6b995cc01080989f3823f885c5f9e2a0502f4df9c3c
SHA1 hash: 95b1905c08746d7cb1eabacc24a3478325b77fd9
MD5 hash: 45b5caaaf4809f0cb4366bbb2e7287bc
humanhash: fix-connecticut-maryland-ceiling
File name:Devis urgent requis pour un projet en cours France BTSH2561.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-06-08 12:12:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ed57d38212442c6fbd5a6c2cae3bca29 (3 x GuLoader)
ssdeep 768:vQCk639djLiKajnB/Hi+NbguqpxZiJn0Zd65yq4xXTlVX:Fn9dj2Ki1ZMHpxU35yq4BxVX
Threatray 1'001 similar samples on MalwareBazaar
TLSH D333D717B6ED4012F2054AF3FC659EDC1636EC21C502BF0B5988BA7F1F70606ADA561E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: clean306.mxserver.ro
Sending IP: 46.102.249.41
From: Jordan Tyrban <jordan@lalemant-france.fr>
Subject: Devis urgent requis pour un projet en cours France BTSH2561
Attachment: Devis urgent requis pour un projet en cours France BTSH2561.gz (contains "Devis urgent requis pour un projet en cours France BTSH2561.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dh61IWa7fEtgrnP8A53Q04fHssd8qOWY

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7016/
Detection(s):
SecuriteInfo.com.Cerberus.7323.8368.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:26:53 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6wh6wsjpvftcmsqkb6bsop2xa26jg3v6uzn5izyemluo6cfrdna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15187de4f29194c60f3f199549c345592e967ee8ecf9a39b0a40c1796fdb222c
GuLoader
33b22f183b47d03a90eab7eda3ecc8f05c5e5b6e011588998d1b9aae4ead0f36
GuLoader
6604738347de31acf8c045750f89e3f8e1bf57e29007dbc0fd7e21fb4d7e9aa3
GuLoader
753233a9add39ae1d7c975828f77000c63d2ab206ddbc52adc36cfd6f8ec8f7d
GuLoader
7f950bc31a7a30c03b8e703b1f59673a787674452e9c258e8343f9504486a559
GuLoader
8e33267ec0f63c8cdd0bfaac8ca2e231326617683ee03d418dbd19ba00d1c2e1
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d3e8b7ec008c3b5a14ac57fe76b4a53eb4a1b90ab28d38effd051317b2a9fea7
GuLoader
e8f0dd4a951cb42729e34171301bf46bd708a8c1c1c0b5b7daf2ed9036b97cca
GuLoader
f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
GuLoader
+ 991 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-54g1cqq9ln/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 4ace9077c1b8a3c46e12ccb0808f5a13244646c33112aeb2a0f7a0b4ad1d97be

GuLoader

Executable exe 8fac7f5a497d4b313250507c1939fab835e49b75f532dea338231747784588da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383112/
  
Dropped by
MD5 6d6a7dd74e34a5c6c51869c52e40b4ae
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4ace9077c1b8a3c46e12ccb0808f5a13244646c33112aeb2a0f7a0b4ad1d97be
Cape
Cape
https://www.capesandbox.com/analysis/7016/

Comments