MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e
SHA3-384 hash: d3489779909c7984767a4becd2d3d719c96edbb83ccd34ed093a2981fd704fe070260d6848bf2768869aa753c20277ef
SHA1 hash: f7cb0d81d61af45ce817e47e4107a8384b32a380
MD5 hash: 7798a56ff0e890c96b1f2155873dac64
humanhash: potato-tennis-virginia-crazy
File name:7798a56ff0e890c96b1f2155873dac64.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:176'128 bytes
First seen:2020-06-03 13:32:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ddacb570c19243ff590e3378c00bad9d (1 x GuLoader)
ssdeep 768:9ZYhc7416N8lBR2zGHsGXaqmdvdzQaBFhKPHZLqdcYmhNtiNtsEj:rYFO8lLtXHoFJBm0dcYmNiNtsW
Threatray 5'119 similar samples on MalwareBazaar
TLSH A804F61729488A53E47845B06C93B75B2B1DAC8955830ACF7C0E79E6BF336752B4F20B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://theapartmentsubud.com/bin_dJTMRMP54.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6330/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:37:50 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tzg4v4pfq6xzoawccz35mrd7sdx7qq3vopueacugndntdv54pq7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
GuLoader
3d77c2490675a0f4e86f55ac8751a9a1912cd56bd168d9ae6c110cc385a65872
GuLoader
51f4e86285f8cb8a14a0d456beed9f15882e4ec7813bc24ff4c20a2389d1ccd0
GuLoader
5e5d88343393a5a1f98a66c8e5967023e200dcf3be81bc0a3c210396156d0fea
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b
GuLoader
a1520b7826c6a1de6e82b8d24c1667436bb94dac97404959e2c368863a471f6b
GuLoader
c8b1244a4aa61a5efc1d6ced3ae0407111574eda81cbe9f01f269e5fae9bf4b5
GuLoader
d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb
GuLoader
e38a459f721050cdc6779172eeda9caa5496f144e41fce503ca01554ada0a64c
GuLoader
+ 5'109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ww8qm214ya/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 9e4dcaf1e587af9702c21677d6447f90eff8437573e8400a8668db31d7bc7c3e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376040/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6330/

Comments