MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abfe010057a638eda064ae47f69e61917dfef096647e35c5d4a642256dd7126c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abfe010057a638eda064ae47f69e61917dfef096647e35c5d4a642256dd7126c
SHA3-384 hash: 806d365ad5beb82bb2c445e8a3afefe4dd3ae20c47214a8da56543ab5539f550dc77ac81797377373fb12a952ee0b013
SHA1 hash: 806dda22b880391757b292e203e6ec527f83859e
MD5 hash: 252a91e5d4d9a89fca2d4132cfcd223a
humanhash: kentucky-quebec-avocado-speaker
File name:informe bancario.PDF.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-06-10 19:01:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 27d5b43adde6b14ff67499c7f66b70ea (1 x GuLoader)
ssdeep 1536:bA94d4xRhMVruW7rb7JyHmnJ8Y/84zIJy:i4d+yX73I
Threatray 895 similar samples on MalwareBazaar
TLSH EC735B2EEA19E953E1304B7048725AD0A7177D1B644F5E1B691C3A2A0632E13BFE743F
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail.novasolutions.com.ec
Sending IP: 192.99.233.222
From: PAGOS <pago_navieras@torresytorres.com>
Subject: Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)
Attachment: informe bancario.img (contains "informe bancario.PDF.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1w2cXybZ5US7784EkeFgJRx3Nyqm9bpcs

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7673/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 19:03:06 UTC
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vp7acacxuy4o3idevzd7nhtbsf6754ewmr7dlrouuzbck3oxcjwa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
352837f7f48c65bab461ad1a4b907226f08604cf13390f8e187daf08e0da7aa5
GuLoader
38c4baea01347f88b497f928343cb19d1e68a693369da7cecdde067281e26fa9
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
7bdb44b6363e3b185573f4c7e08e78201174fd692f18fc2882a95f8ba455bb5e
GuLoader
877f342fa777bd70c1308b545ddaff6e70d9a8840c819713e34fcef56e736630
GuLoader
96487abb17fc905506f1be48d51ea17bb652515d8e5f40a4f524daebe98a6efa
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
f6c4c54e5af63b2b0f393830ddbf2a985289eb9bf6cb8a65ee7d68a79ddeb7f7
GuLoader
+ 885 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-gqh7lq5qca/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 4cc932eeaa92d88eea2f524bfefbab4499bca2f525ec81a94a525c952037499f

GuLoader

Executable exe abfe010057a638eda064ae47f69e61917dfef096647e35c5d4a642256dd7126c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/385881/
  
Dropped by
MD5 d646461d011578c75cbff3ae52565738
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 4cc932eeaa92d88eea2f524bfefbab4499bca2f525ec81a94a525c952037499f
Cape
Cape
https://www.capesandbox.com/analysis/7673/

Comments