MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a7527003d693b5ff45c47de2cbdec92a86e3c41193d7109821db2bde58a2d8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a7527003d693b5ff45c47de2cbdec92a86e3c41193d7109821db2bde58a2d8c
SHA3-384 hash: 639844601d1cbe1bd559a17fe6d67ff86e3ba4337763a36ac7d83ccbb5d6c9252d10ee6aca13599d18017859fe623ee4
SHA1 hash: 567e1b209f3f231e09d958b6dd24944246afb359
MD5 hash: fbdd727ac2522c34aca9da6e663d3294
humanhash: wisconsin-thirteen-uniform-hot
File name:REQUEST FOR OFFER 08-06-2020·pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:20:26 UTC
Last seen:2020-06-08 10:22:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6d3489b57c43aef3b2f54a7482bc72bb (1 x GuLoader)
ssdeep 768:isysfNpuRnnPilTjATMfRDCmZZL0e2cJlspTkRXQJtEWx4Be3KOr5vANBJzngm0+:isysFY6TjMQD5ZZLB2aqp0goKKJ4Gq
Threatray 979 similar samples on MalwareBazaar
TLSH 4073AE03AD04D562F44183B07E938E86222A6D2C6F066E87375D5FAFED70AC25DF162D
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: Australian National University <admin@anu.edu.au>
Subject: REQUEST FOR OFFER (Australian National University ) EUI894/BU463
Attachment: REQUEST FOR OFFER 08-06-2020·pdf.zip (contains "REQUEST FOR OFFER 08-06-2020·pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QPrTgqq0Lo6RQPOkmaS6gwRC_mnbKfrK

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6966/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.26248.10247.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-07 22:29:48 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tj2soab5ne5v75c4i7pczppmskug4pcbde6xccmcdwzl3zmkfwga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00d1510ab154eb7e4b09ee4ac915fab0577c5b516fd99375b19eab8eaebac4ec
GuLoader
15c1e154f12ddc60ff879745b0d6356a725bf030a52007841fcb9ac0ebd0a73c
GuLoader
2a058410467d9a9aca36e588d9e3a0436b90b949c352f05ace83aa244e2567a2
GuLoader
560c76df97fdc5816fa9310921082a04b44b781e60bc77f84b970df04a36d1f4
GuLoader
859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a
GuLoader
93dc44981a771519cbdf592c8391ada5234cd2f6c19fc0bb4b3233867db9a345
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e28da88ff0d294d8f4bc7cacae31814a43026ddac38a554ef697e703122e46c5
GuLoader
e93ea58602fabb383b5624b79dd683dceaff52b89f0765dc66be19d938348718
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
+ 969 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-j7ldg41dtn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 7e2e440ade521db5075dc877e16b93c1840ab396a4c7fb68e940d9524b701f3f

GuLoader

Executable exe 9a7527003d693b5ff45c47de2cbdec92a86e3c41193d7109821db2bde58a2d8c

(this sample)

  
Dropped by
MD5 7d35f6e3d6cf2ebc70daaccb0273049a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6966/
  
Dropped by
SHA256 7e2e440ade521db5075dc877e16b93c1840ab396a4c7fb68e940d9524b701f3f

Comments