MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
SHA3-384 hash: ef7dd3d83f953a05cfff901d465e074a5871a3e772c39e1011dab76d5b11ec81fdd02e7cb4dcdf31931512e2b22b8c28
SHA1 hash: fb4c7a07a6f31cc72d8b8ba7b43b305ffb5e894a
MD5 hash: 2d82c205b2738d827acb5a327e95a606
humanhash: edward-sixteen-oven-ohio
File name:INV20203006PORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:08:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1cc5e4409f9ce2ba12b08f9a89c6a2f8 (8 x GuLoader)
ssdeep 1536:mSPfxV40r1YTDtykgrKHxLdGKc+o0FDHdZ1gIuwEEOjjtq+aAJ4:fPXr1VKVdhjFD9zdCFJ4
Threatray 5'600 similar samples on MalwareBazaar
TLSH 8AB37B0BED4D8553C1444BBD2D279E793B1DA90D0D445FEFB4356EABAE322022CAB11E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail2.bm-cheap.site
Sending IP: 62.173.139.217
From: κΉ€νƒœμ˜ <kwseo@omics.co.kr>
Subject: Rev-Order-june-03-06-20-Quote
Attachment: INV20203006PORDER.img (contains "INV20203006PORDER.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18enfCOss--dmD9xux02fh_Qi3eB_ySYb

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6285/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:48 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tvkfzlulopqrqafk66klfem3xclskepe4il6v4nfdq7trql3wqja._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
GuLoader
451760c99be8a959869ac8736b9550013fbb5c925763a8d707e6a05f3c652dd3
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
7a65842e4b600e556b4373b55c29508315f3b3acea33075e32d380f6ae606392
GuLoader
897c29c75ae58e4057c0d32c3704469a7ecfa4878f5d0c60ad8abe2fa821b0b0
GuLoader
9aad58f1d569335bb140604794a5b3e2f02fd44ebbfc16e86b795b93f460e98c
GuLoader
bc05e8f15eaccce53aa6946738f82b2c7f66cb876a2c20c5a77ab3eb2e900d77
GuLoader
c3aa64f063330b257fdd6f3d0dd8479b3a4877140b771b4ccf3cae4e10ffe4e9
GuLoader
d8b1cfab3b5d2f483882f6c1406abafc5458f7affea357aa6f1438fdd82a34eb
GuLoader
ed3e93996b60fbaeb82c59f62dc3dcee809b229748ad7772829a8f738e307cbd
GuLoader
+ 5'590 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m4xpmxnjwe/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img b5c641273bfc5fed0ea440d58b1e93588e72164ad57174f1acaec346f3cfeff1

GuLoader

Executable exe 9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376019/
  
Dropped by
MD5 0df9fa4b740cf3bbf549a6e37dded7b3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b5c641273bfc5fed0ea440d58b1e93588e72164ad57174f1acaec346f3cfeff1
Cape
Cape
https://www.capesandbox.com/analysis/6285/

Comments