MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aec92581e48c5a9f8e8b920d595ecab2a0af7c81bc49e5d2d3d4bb9c317f1999. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: aec92581e48c5a9f8e8b920d595ecab2a0af7c81bc49e5d2d3d4bb9c317f1999
SHA3-384 hash: 87374f4e28b4d08d304a2e2dc2926db947748dcaf885abea4493a12dd29927808528f07dd0b47c1228e600a7b6011ea2
SHA1 hash: 1cff33fed21bd60d3d2523554464b2b318dc2e2f
MD5 hash: bc16f41d2fac516285a1582257c2a44c
humanhash: jupiter-uncle-december-video
File name: BUSINESS-FRANCE PROJECTIMG.com
Signature: GuLoader
File size: 69'632 bytes
First seen: 2020-06-10 11:40:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7f174a726307bad94f3cbcf69e72ed03 (8 x GuLoader)
ssdeep: 1536:rV7OrmYYY1w+7xrUYCBb+UsRiTOUqMGlB5DO4ypmwFDc2hnkKz:SmYYYSCxrUY2+UsITOwmB56tFD1hnka
Threatray: 1'010 similar samples on MalwareBazaar
TLSH: 8B635C1676A1ED71EBB546F76FB09294449BE93204D2880378543F1F163A84FF97630B
Reporter: abuse_ch
Tags: com GuLoader

abuse_ch
Malspam distributing GuLoader:

HELO: businessfrance.fr
Sending IP: 45.153.241.193
From: alberto.m.frescura <alberto.m.frescura@businessfrance.fr>
Subject: RE: RFQ BUSINESS-FRANCE PROJECT
Attachment: BUSINESS-FRANCE PROJECT.IMG (contains "BUSINESS-FRANCE PROJECTIMG.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=BB419EE18BF3F1DA&resid=BB419EE18BF3F1DA%21106&authkey=AEJmsUJrmBEjg8Y

Intelligence
File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 11:41:09 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe aec92581e48c5a9f8e8b920d595ecab2a0af7c81bc49e5d2d3d4bb9c317f1999 (this sample)

Delivery method: Distributed via e-mail attachment

Comments