MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931
SHA3-384 hash: 7774b227b71a57ecf2a247d235bcd3ce0a89ae193cec793495722a11de420b23aad8d2595a93f99b1986ef84e0d65b92
SHA1 hash: 834c63ea389f50c86529791ca9f67386f505d23f
MD5 hash: a3b3996212af17c8d8d6e8c0cd52abb1
humanhash: eight-sodium-earth-nebraska
File name:SecuriteInfo.com.Trojan.DownLoader34.17169.20070.8566
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-08-04 09:09:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c0c3ac7427871918bc10738eee458604 (2 x GuLoader)
ssdeep 768:J12Ro8KiZ/9dc/pzwOWgpVGAQJtg58cJrOpX7IpFQbW2P/eE7sJFT1:JwRoYGwOlpm768Y6MzNTxJFT
Threatray 332 similar samples on MalwareBazaar
TLSH 4BA3D61695E8423AF2A7DF704D7816E7407D7C3C382E858B5EE438AE37B39169620637
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/38386/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.17169.20070.8566.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/408936
Signature
Hides threads from debuggers
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 02:33:00 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vciwayzh4xtclxowe2q4moky4zlvyiutxt7pooepxab455st7eyq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0282b710d24b3d098017e3231c93e1b46bf8586a6e0cc83ec76f2a1d710c6813
GuLoader
07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c
GuLoader
257fe290eb9d63d6d55207ac2298db8ec1e76170cc6a00c06a41e242ef24518a
GuLoader
26d95099636e212fccb35c4865a6aaee393079698b6c3a6f0a07ef2960a845b0
GuLoader
3f2c710a97bb42579ee2f9956437ff160a68bd787439fbc025ab3d6b46076d34
GuLoader
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
GuLoader
b508273bfcc6a902441e4a865879fce86cba3187773faf9838d8145a0deece5a
GuLoader
c123d96d15083236ebd509b2a5381b350e533d3c869f9aeed7df54651a04c238
GuLoader
d4a6bde59452ed3c565535321cf37bd40fd1ad7a547ae2dddb555a3bfdfff236
GuLoader
f18971acfee0d02e3379175905a33f2436a786c36c310266e5c6f717d64d7d4f
GuLoader
+ 322 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200804-be39br7r7x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Cryptor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe a891606327e5e625ddd626a1c63958e6575c2293bcfef7388fb803cef653f931

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/424232/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/38386/

Comments