MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a86bee3b0f52b7550c4925208c3fd3633f57a2e3f7523d5b78cda28206c01b69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a86bee3b0f52b7550c4925208c3fd3633f57a2e3f7523d5b78cda28206c01b69
SHA3-384 hash: c5fc759d66ab5e759f4b4291b761bd4a88f2e413700079ff0cd809ba1ee5ea3af4a2270e56431bc579612de695eef083
SHA1 hash: 901af05092c14c3d57f7ca44dcdbd8931ac1045f
MD5 hash: 4bdefc4cd40763e4431089368c4de8cf
humanhash: oven-fifteen-vegan-carolina
File name:Forlngeren.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-08 12:32:46 UTC
Last seen:2020-05-08 14:25:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d12e61e78da9f8ac34743d0ac4aa28db (1 x GuLoader)
ssdeep 1536:pErPYp9SB9mwFESe7LBrxy2lPVeuOT+CYxLKd5UG:pqVufBrHe6xLQ
Threatray 112 similar samples on MalwareBazaar
TLSH 1483F562BEA4EC72E0157AB9DB16F29ED366BD3028311A1775803B2E1F305879C7125F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45101.16091.10591.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 12:35:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
00481f6d6a28c6792dc0ddeb8cf053ec065be3ebebd70137dc51dbbd1f4c1898
GuLoader
2289f866656b87504cc600b2549dfedde7a546b79ee931e1f50e6ab91cd86a9a
GuLoader
3db0da97119509327c8a494c8a5beca070c6dc51c0fe9569de478cc41917ea5e
GuLoader
6a223f3097e572a00aa6f1029bbbb6d71d66bb5bbf239177d232dca3c7f9bf33
GuLoader
70d991e7c073c8d0706a8daa9b78aa7684c8c856989b66b53f2a3b79dfa1f814
GuLoader
734dd373ee6950a0b13f4042cd66b0c3edc72df6d56f44a8afa69826e850f029
GuLoader
822c61d76c4a9dc067978f8537aba073e1d90ccae770b89fc88993edde81386a
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c1d7731ac02354dce14bf98a56a00f0b908fa2d8dcb3375bee86fa3aca8d79f7
GuLoader
ee86f083fdb8d5e2f4d1d609faf964fa08a01875bc0abb364aeb09bb83c35f8c
GuLoader
+ 102 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mhzf27kwkn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace c6b5b6f35cf6e46b132207fadd786b97db9a3916903df0ad751e315e364f8c87

GuLoader

Executable exe a86bee3b0f52b7550c4925208c3fd3633f57a2e3f7523d5b78cda28206c01b69

(this sample)

  
Dropped by
MD5 63876c2168c8d7ec9ada3bdca6c413e1
  
Dropped by
SHA256 c6b5b6f35cf6e46b132207fadd786b97db9a3916903df0ad751e315e364f8c87
  
Delivery method
Distributed via e-mail attachment

Comments