MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8c463fc8f8137444b55e4cc24564f539bfe17956a7dde1e4cef2a1d3b9a2856. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8c463fc8f8137444b55e4cc24564f539bfe17956a7dde1e4cef2a1d3b9a2856
SHA3-384 hash: f332432783bc0c1ec4c1f584cb2209956f309ea06b56efa7ee1497ad1d1fc13e5af5cc7c5b283dae69c63670a1b87e91
SHA1 hash: 2022146623d78602508eb37c41eeb764472dbc56
MD5 hash: 2fde7d7c8427916afe05b15fa5024f97
humanhash: north-hamper-december-football
File name:new order doc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-06-02 11:16:22 UTC
Last seen:2020-06-02 12:42:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d777894b3393cd9d22fac90f48729cc0 (1 x GuLoader)
ssdeep 1536:b4FO8lLyg2nb4qwM3TBNml6LzwKQw6fPLjCJ62pEog/h:/zbgM3T6lMzwPes/h
Threatray 872 similar samples on MalwareBazaar
TLSH 1093F7037AD44901F1B28BB06EB786999E26FC1D5D839A0F314D294B3B31766D86C72F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: lah-a2.de
Sending IP: 84.19.187.99
From: thomasvollbracht@thvollbracht.de
Subject: Re: New order 0636
Attachment: new order doc.zip (contains "new order doc.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6076/
Detection(s):
Win.Dropper.Razy-7995205-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:39 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xdcgh7epqe3uis2v4tgcivspkon74f4vnj654hsm54vb2o42fbla._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
033afefa4c3ffe5fadd50c033ef0232605929c32e99bb96493588e01c0e211ee
GuLoader
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
12bae6b2d092fc8c776ea509d90b393df8e8f336214bb155f7e2d7f18beb4cb1
GuLoader
1b476c8bd4604f9eb16f852bd2a7770520789b8740195c32b30f68dcfc9e91e9
GuLoader
3631b6f02663cc48d6ca8a8396a168c0d0204326c8d3ff66b25e013c7e8d5f93
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
GuLoader
dd7268284b041dafef56b6a8a4b565b3a0c54e1eaacc68121a1688e03798e72d
GuLoader
e5e0a549727c9af4b170b6181dd1f69f8f5bfd268ef711c27a1687face31f052
GuLoader
ec336b0f654ee75fe0e24b09b6504ef9f43486b528281768a976d5ea738e72b2
GuLoader
+ 862 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1btfj1sxxn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip ef3efe9aa7e18636193b8ed2a286ccafb6252ee5a22b20b45d765055d89b2f86

GuLoader

Executable exe b8c463fc8f8137444b55e4cc24564f539bfe17956a7dde1e4cef2a1d3b9a2856

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/369174/
  
Dropped by
MD5 5bea062f961115c055dae930bd58c961
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6076/
  
Dropped by
SHA256 ef3efe9aa7e18636193b8ed2a286ccafb6252ee5a22b20b45d765055d89b2f86

Comments