MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a189b653beaa02ee38f4496b0916d881ba0c073f87208a5eea20f70ca036be58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a189b653beaa02ee38f4496b0916d881ba0c073f87208a5eea20f70ca036be58
SHA3-384 hash: 0a1de4191f50640f3cd206d6b54896d53b1b48195380b1ec104257f13c845bd207e8a6c007397d76fed7aa2efb0a9195
SHA1 hash: 056f5e36934f1cd5a09d99ca5f8dc02bbbe92306
MD5 hash: 7b82d4a02671a97a2cf29cf319d7d8fe
humanhash: double-oscar-yellow-failed
File name:Conchostra.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-05 13:37:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f483a78878ddd7c6204e341c4b785e63 (1 x GuLoader)
ssdeep 3072:lrdho5EOuZjlW2TjAYOBsryB2bfmhqPL7ooYU5WV9:lu+Tj6qPL72U5WV
Threatray 1'034 similar samples on MalwareBazaar
TLSH FAB3821BAA59BC6DD1C93DB0BC15A89713163C14BB44A6BE12D0FBBCB630AA27C15707
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smtp77.iad3a.emailsrvr.com
Sending IP: 173.203.187.77
From: Elizabeth Chen <ase.nababgonj@olympicbd.com>
Reply-To: obe.sales@hotmail.com
Subject: 레: New Qoute 0605
Attachment: quote 0605.rar (contains "Conchostra.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dJG05mz_jW9iQx4taSq8P0qvX-9btkYx

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6689/
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.ELXE.16703.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 11:15:41 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uge3mu56vibo4ohujfvqsfwyqg5aybz7q4qiuxxked3qzibwxzma._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17b3763eae8262957e49956dbc63b57ba57ce91b49bc7d538dc1e01cabd52450
GuLoader
1b5af678f3efd6cbff87b1c00c742534000f6783e93d22c8e4cb50c59393813d
GuLoader
511e0187a9180a083947a3bb3de77215fd37b0cae921181dee572bf537d2bea9
GuLoader
60da286e39c0c6dcee0d9daafbf5c6662b818c9a36b77d8ba5f4314e94d9baea
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e
GuLoader
c42ae355f2541ec7be30e51b1fcb50a1c7d8b0d6afa717dab533369cb5a69011
GuLoader
d8893925a5d8f9574be0f322355b79372e9c58dacc1e7737223a7b96e53fe4f6
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
GuLoader
+ 1'024 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-cna12gwlqa/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

bf0b31371f47b603e9a50a12140514f6

GuLoader

Executable exe a189b653beaa02ee38f4496b0916d881ba0c073f87208a5eea20f70ca036be58

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382198/
  
Dropped by
MD5 bf0b31371f47b603e9a50a12140514f6
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6689/

Comments