MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a28e8b9eb2f43a1ca7bc6d668542d52d8a41644e23546bd3437eab9ed9d15b38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a28e8b9eb2f43a1ca7bc6d668542d52d8a41644e23546bd3437eab9ed9d15b38
SHA3-384 hash: 387b81edfbc68e6120621e9d00bd31fda092a57aa9220fe6b63bd68bc47b0bd12185ddecc9345fa9d2dd99780dd3a51f
SHA1 hash: 3ae81d77b80c5348b9d86237660ed95922f375f1
MD5 hash: e6ed59ea89f99429314d1b865e425c83
humanhash: happy-dakota-cup-india
File name:Bill of Lading 10-06-2020 SKMBT03783930484040484904003TXT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-11 06:32:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e266a29e7d76467aa55e8d67ee7908a4 (1 x GuLoader)
ssdeep 1536:bY94d4xRgGq81h4BLpROwzIdJ7rb2ESA465w1D58NRp:K4dNGqbpxWX0AR
Threatray 958 similar samples on MalwareBazaar
TLSH F2735B2EE618E443E03107744C7249545B633D1BAC4FCD1BA9093A7A09B2A53EBEB53F
Reporter abuse_ch
Tags:exe GuLoader Maersk


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: socialmailmarketingworld.fun
Sending IP: 117.50.37.204
From: Maersk Shipping <sales@socialmailmarketingworld.fun>
Subject: Fw: Arrival notice 769480332
Attachment: Bill of Lading 10-06-2020 SKMBT03783930484040484904003TXT.exe

GuLoader payload URL:
https://onedrive.live.com/download?cid=B95C56E530B4B210&resid=B95C56E530B4B210%21109&authkey=AOTKqkXo8sIzokg

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7762/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 04:29:28 UTC
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ukhixhvs6q5bzj54nvtikqwvfwfeczcoenkgxu2dp2vz5worlm4a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0494c6b3493335509d5fdce6d9592d796e592fee648f42dded58ddc29e3565a1
GuLoader
50e217d5fb7b641b16f5a7f04d830f60e35720c81ae8010981c4c096751a6268
GuLoader
59b0be610123d4bcb4e6dc0a75a4ea3cd807b5037596711d9e263578a86f6384
GuLoader
5f45455780932616a1109057e76b4e6ad3444db6371405b96152379ac100767c
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c8e91120db97c2cc33d799fb33cefcb6e199cb68c824500f22ec8fc1736a90b4
GuLoader
cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef
GuLoader
d11f49cceb75957df9dde57b197a71b081579d2a63eaf294974e5d03dbb6a558
GuLoader
d7b031a5877b815aca5c6f066c775e7dc3c8da3c0a6b94af5d28af960138ec48
GuLoader
ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2
GuLoader
+ 948 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-8whfgc2pn2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a28e8b9eb2f43a1ca7bc6d668542d52d8a41644e23546bd3437eab9ed9d15b38

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/386452/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/7762/

Comments