MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347
SHA3-384 hash: bcff133a8bb25402b80ef148926ad9a9c710c1282af1e4dd757333661c6e417b2de9e169bae418e36b6f00183453d56c
SHA1 hash: 74853533e0901add50d8b6ff72a936108afc8224
MD5 hash: 68905aafacdace6c793ac0714be4f062
humanhash: aspen-ink-bulldog-saturn
File name:SQ0947845.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:09:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1cc5e4409f9ce2ba12b08f9a89c6a2f8 (8 x GuLoader)
ssdeep 1536:KjSPfxV40TxIcaykdkgrKHxLdGKc+o0FDHdZ1gIJnEIuPUJvu6sdh:KGPXTGNdFKVdhjFD9z3uRdh
Threatray 1'098 similar samples on MalwareBazaar
TLSH BDB38C07ED4E8A53D11847BE3D179E793A1DA90D0D009BEF7535AEABED312022CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: coreit.mynewserver.com
Sending IP: 88.99.38.211
From: "Christina" <christina.ioannidou@theluxuryspot.gr>
Reply-To: "Christina" <tolentinomavi13@yahoo.com>
Subject: Inquiry // PO_0947845
Attachment: SQ0947845.gz (contains "SQ0947845.exe")

GuLoader payload URL:
https://rakamari.in/bryt1_ifwWn45.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6294/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 03:02:00 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wgdqumzunb3csyqht4hyd3gsf57ebzj4kbg5ampjtf3b6jt3yndq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
8357fd2e6327d05c86d6e2729b65eafaf756322bc1e7bb7878cf75595c40abe2
GuLoader
8c4a0f5a5739f570edea6dcbb7d5701cc6467ccdf00554a88669aab0f743180e
GuLoader
a696a4e34ae22386e2759a75b90f5990501c2cbbb529036f8ec124b8fb9f6c77
GuLoader
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
ffa86315bf2626a0d898bfb87783206ab4cb64b9b4c645661c644f717052ddf9
GuLoader
+ 1'088 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-av9zppnx22/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1d08c4cf9a624062b448e14b7ebcef3e821b97caa9d3c451209253ee2380dc40

GuLoader

Executable exe b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376010/
  
Dropped by
MD5 7d09a010801dd1e05fe3ac8185bf3937
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1d08c4cf9a624062b448e14b7ebcef3e821b97caa9d3c451209253ee2380dc40
Cape
Cape
https://www.capesandbox.com/analysis/6294/

Comments