MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d1e282f59429087df1054945ab7d3fb91eb057c9bc1d6d43f062b0a7e25a043. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 9d1e282f59429087df1054945ab7d3fb91eb057c9bc1d6d43f062b0a7e25a043
SHA3-384 hash: d5c6dfa5be03fa1d1947890b2e61501fd384799910ec21fed77984c7fbd88a15cf2db39015fb251d934e9d447a579532
SHA1 hash: 40ad5d2150826e78a3d7165f5a489f2b387d83b9
MD5 hash: 1a39cd078ebbf79e00423c82028a744d
humanhash: mexico-skylark-hawaii-nuts
File name: DHL Shipment Doc.scr
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-06-05 19:04:26 UTC
Last seen: 2020-06-05 19:51:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43953f29a87828796a6c81d9dfba0cc1 (1 x GuLoader)
ssdeep: 3072:yrdhaj1ZZE2uuZjlWjfzb4KdIX2l2HTyXy3/fQdoYw9aUc:y2HZfOfzDy3/fQnw9aU
Threatray: 861 similar samples on MalwareBazaar
TLSH: 81B3921BA959BC6CD1C97DF0BC25A89703163C046B44A6FE12D4FBBCB630AA27C5570B
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-05 10:51:21 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 9d1e282f59429087df1054945ab7d3fb91eb057c9bc1d6d43f062b0a7e25a043 (this sample)

Delivery method: Distributed via e-mail attachment
