MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99c1199a2f1bf8476f318ead8972af0dd77c13686039fb1a3f73b4f02789fd76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99c1199a2f1bf8476f318ead8972af0dd77c13686039fb1a3f73b4f02789fd76
SHA3-384 hash: d0cb39cd5776f693f545d5fcf140a10851f566b10c4b853df403fe433a7679ea1f14d3b90f5eab41cd45d4f33c2beecb
SHA1 hash: 8e000b5484b2d84d99753c4f3da4d3e4961f6390
MD5 hash: 2951274dc7260c2fff076ef35e077cfa
humanhash: friend-ceiling-item-crazy
File name:order catalog.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-08 09:20:29 UTC
Last seen:2020-06-08 10:22:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash eb9d4dda2dcb1fff1fabbe1c9117e527 (3 x GuLoader)
ssdeep 768:A2jynB8u3ZcEXZGmQJjTkp5f6R6SO4su2IHzrAjcUIP6vHS8:A2jIWOZZpGmgj8f6ISO4JdD8
Threatray 5'125 similar samples on MalwareBazaar
TLSH DC73F52376D49572CAA582B01F759BE40537FC340DA98A072C833A6F7676E46DC2E31B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: thaimartin.co
Sending IP: 111.90.145.52
From: Mahov Aleksandr Ivanovich <torcd@yandex.ru>
Reply-To: hashik@arabain-industries.net
Subject: Order catalog
Attachment: order catalog.rar (contains "order catalog.exe")

GuLoader payload URL:
http://111.90.148.217/AKU_BrLfCUCwsr238.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6967/
Detection(s):
SecuriteInfo.com.Generik.MEWNMAD.268.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 03:01:59 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=thartgrpdp4eo3zrr2wys4vpbxlxye3ima47wgr7oo2paj4j7v3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
39beaadc7ebcd39abe102931c29a0be72847ecad0441185bc499304989c04abc
GuLoader
41baebffaddb418b4eca6aff0e3837100c93b9b025be18ebc887493f10608a13
GuLoader
64f9f1bc127c111ad02307ddc1ff43b2f9c14eb2104348a0d2bdc86d1b82580c
GuLoader
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
GuLoader
799f11327960ae9d85650736dc87515a5edaad3c14ddaceeb0214136f33498a0
GuLoader
841b9682f1bcb94cc4c510c2564791004f3d1c26ae764c42c145fe16ab093901
GuLoader
ce2fb70594dabbee01ba985e6e04a5fbdc57b2d589722dab7213c999151efcef
GuLoader
d1fbc7054235d4485a668fd7da82d4dd71e9c0b387c3214c9a593213634a5fd2
GuLoader
f310aa4f6cb0b3c3d237d13640594dd0a06f8c42ab5ecd1cba3daecc860129bf
GuLoader
f9fd67b28fd985eb062137c47d008ee299099dc5adf63168470603ba635a286d
GuLoader
+ 5'115 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tggrvmt3r6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 6bf41c77ddbe1b1559d490660e27e936e1ffc79b0735af95ccde8dd0e6d38cdd

GuLoader

Executable exe 99c1199a2f1bf8476f318ead8972af0dd77c13686039fb1a3f73b4f02789fd76

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383078/
  
Dropped by
MD5 42c860e92b93c98cdc4b885ec926f3bd
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6967/
  
Dropped by
SHA256 6bf41c77ddbe1b1559d490660e27e936e1ffc79b0735af95ccde8dd0e6d38cdd

Comments