MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d4abcc57a7136faf706c30c8d644f1ac7b38a2adcff37072a4a7c356d2b8d57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d4abcc57a7136faf706c30c8d644f1ac7b38a2adcff37072a4a7c356d2b8d57
SHA3-384 hash: 28bf86e2ad62a5b353693cfe9c8689be614faa963a32f6ddfbf11b70c46f9905cb0b233bd040e17896afaa46013fa9f9
SHA1 hash: 62647d30f287de423893c7645edc88f12255fc13
MD5 hash: e16030f97af6b547082ddc19f8f492dc
humanhash: jersey-mango-sink-quebec
File name:INV -MS 00088300 -pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-10-26 14:11:12 UTC
Last seen:2020-10-28 01:30:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 02d03956d3718b494e226bdaa75e0b1f (10 x GuLoader)
ssdeep 768:aytBF1VeKAb8ls/JE8Vnwd4jVH3C1CgTtwZOqZOGkDRvVnL8RuNLwOZRF:xV+8lGblwdyH3C1CAYOdd9gRS
Threatray 2'769 similar samples on MalwareBazaar
TLSH 7593EA13B97CA643D96487F8AF2B5F7C1A0FFD14A4816BCF21A20D9E7B3C501486E259
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: xwx0.318.xoron.ml
Sending IP: 134.209.25.90
From: FML- Yousuf <yousufs@fml-bd.com>
Reply-To: FML- Yousuf <yousufs@fml-bd.com>
Subject: MS KOREA/ PAXAR/ 1,036KG/ Re: PO 1032123
Attachment: INV -MS 00088300 -pdf.rar (contains "INV -MS 00088300 -pdf.exe")

GuLoader payload URL:
https://millenium-rj.com/ozil/kton2_kPBWvHU138.bin

Intelligence

File Origin
# of uploads :
7
# of downloads :
157
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79159/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.44209750.15864.993.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/511881
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d4abcc57a7136faf706c30c8d644f1ac7b38a2adcff37072a4a7c356d2b8d57/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 02:57:26 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tvflzrl2oe3pv5ygymgi2zcpdld3hcrk3t7tobzkjj6dk3jlrvlq._file
Verdict:
suspicious
Similar samples:
092e73bea3484930380103be58ee944d620e754cfbd579e68c1fee773a478b7e
GuLoader
44da34c94fa3c1fbc77e4d18a745b1059db381ad4e6a025a90504b2bdfa73f18
GuLoader
70dc4e915dc7879d45c54a5936007d5425b6c82be49974a0a4ee2076390bd272
GuLoader
7d37b86ad0cb4b99038a10d6f95febfd7d1e096ab7ba28c6c02ada2b128873bf
GuLoader
8a91203698a5589c1787d9fb31dbbc30ab3229a6aee56992f9186a4d4fc4ae2c
GuLoader
bee2e75a7187b8d59c62e37425a14998512cdc6d5cf0023151ad071f0750f4c7
GuLoader
d53bb8e4561477133b4510eda133bf0740c854c587f1e3d5a676c9db33e9f818
GuLoader
d7a99f24befa69ac2bae23e028ef9342211ed018495b34b92b9e89448532584a
GuLoader
ea4512d4bec0674059c55c5861d977bab515b6d28a543c74f32e1d78126625a4
GuLoader
f0b159a704857b45d6336160191150963d48aa792341b9a38834fb99881c8d31
GuLoader
+ 2'759 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201026-jckfldf972/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 9ed09515c1e3097813aa23e8a5d286365787345cdceb1d768bc08c7b98973d2d

GuLoader

Executable exe 9d4abcc57a7136faf706c30c8d644f1ac7b38a2adcff37072a4a7c356d2b8d57

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/750728/
  
Dropped by
MD5 7bc7e6496a4b14eb04344087b698f6ee
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9ed09515c1e3097813aa23e8a5d286365787345cdceb1d768bc08c7b98973d2d
Cape
Cape
https://www.capesandbox.com/analysis/79159/

Comments