MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079
SHA3-384 hash:	fc1f5c7f7b3e9cb551f3ab2575dd1d4d26388a5d30bc9af3bc696b78a6a1309ab69fed048f6600c3d5df5311acf9ff12
SHA1 hash:	0001ed9c88ddc73ad5aa1344d9ffe0239eaa5a97
MD5 hash:	1b6b8763e2d0626c25905fc77cd21d1e
humanhash:	mango-north-speaker-green
File name:	Me.jpg.jpg.jpg.scr
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	98'304 bytes
First seen:	2020-08-14 09:08:22 UTC
Last seen:	2020-08-14 09:42:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2c8dfd941b05f89a7c49176441deea57 (1 x GuLoader)
ssdeep	768:xpM9L79mPJ7eruB60qWHa4pd8K2ytu1uxpNGku1JiB8dR04N6DzP6tDHZn1Z0m:xybmt40I4Ibwu1WpkiBcR0BCbYm
Threatray	17 similar samples on MalwareBazaar
TLSH	26A38D2256DCE933FB4AC2B51A3421F321BFBC3216979E0759463E6D6B39D12E890347
Reporter	abuse_ch
Tags:	GuLoader Hostwinds scr

abuse_ch

Malspam distributing GuLoader:

HELO: hwsrv-760908.hostwindsdns.com
Sending IP: 104.168.213.82
From: info@kamaehr.com
Reply-To: info@kamaehr.com
Subject: 5 x 40 ft Containers
Attachment: Product_Order_me.zip (contains "Me.jpg.jpg.jpg.scr")

GuLoader payload URL:
https://onedrive.live.com/download?cid=798F780A1F816F26&resid=798F780A1F816F26%21105&authkey=AEnQ1qtRetzoU9o

Intelligence

File Origin

# of uploads :

# of downloads :

225

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45685/

Detection(s):

SecuriteInfo.com.Variant.Strictor.248325.20742.26080.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/429126

Signature

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Yara detected VB6 Downloader Generic

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-08-14 09:10:08 UTC

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vnmk5rucloxw7a5ayppdku65dnzhsnf43oyf6zseciurdjiu6b4q._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200814-9qrmx4pffx/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.10

Link:

https://yomi.yoroi.company/submissions/ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d

GuLoader

exe ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/432985/

Dropped by

MD5 29b274d149df560788dd064537f85b42

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/45685/

Dropped by

SHA256 98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample