MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d
SHA3-384 hash: 6ce60c3e5b376df048558aaa6754d79b531c856c140992534e4d03e8359096508b1b90e6bf201a985d5b2f387f4d317a
SHA1 hash: 43aed757f4864e1fab98d88faf690d84435d036e
MD5 hash: b7974ace4e5436770ce9b63a315fab68
humanhash: dakota-juliet-two-north
File name:CEMENTOS-DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-05-28 07:34:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 69be9e3c41d4ad37675f2a02b604723f (2 x GuLoader)
ssdeep 768:CZZ3hCu+e5MxzVZpXEewlIAc9BRYxLznw72c:0rCupIZZFrWIbW/c
Threatray 972 similar samples on MalwareBazaar
TLSH 17531917B598D472EE2C8B751F75DBD80667BC308C564A0739867B7E0E33E821DA221B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: kfistudios.cam
Sending IP: 111.90.158.131
From: JUAN ALBERTO URBANO <grencia@cementoscauca.com.co>
Reply-To: hinduhyog2011@gmail.com
Subject: QUOTATION INQUIRY
Attachment: CEMENTOS-DOC.rar (contains "CEMENTOS-DOC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LmyqIluFJ5HoNT0VjWSvtPFmVfK-cvxy

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5835/
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AC.2627.26113.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 05:41:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1c6c9635f0c01cc93b504293351215058cf9ef8b62ca38ce71012a4875fbe0a4
GuLoader
1ee39f6cd500940ad97c444778dc717361e01ce5579a28d761aedae86e85af64
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
GuLoader
92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
GuLoader
d213c80671d27596824def5ecb513b07e2118bd110e1230ed68aa4daab49bcc6
GuLoader
e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718
GuLoader
f8bafa64755f10484342423a2069ab6f9f817065b1f6bd45db2032677c64b7ad
GuLoader
+ 962 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3flvqa7fsa/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c8e41c717befab77f5b7a3641bc1f6c0832f9f8e80d30873be1a888e5bfaf7a8

GuLoader

Executable exe 994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370302/
  
Dropped by
MD5 44606c062b149f83d21924f606e201fd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c8e41c717befab77f5b7a3641bc1f6c0832f9f8e80d30873be1a888e5bfaf7a8
Cape
Cape
https://www.capesandbox.com/analysis/5835/

Comments