MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e
SHA3-384 hash: a98bcb6cc3be1aea98ad9c551bda5df7c369602395dcd45d2df6a8b74870e16abebbee7bff06dc44c689bc4e9700bca4
SHA1 hash: e46615735259205b99e891bffa52fb925d80f0c0
MD5 hash: 76d28bdba6c0c239c470c5cbb4a41152
humanhash: uncle-missouri-high-tennessee
File name: 76d28bdba6c0c239c470c5cbb4a41152.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-06-05 19:34:56 UTC
Last seen: 2020-06-05 21:01:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4e291e92f05402ac4bc1c013bba77c86 (1 x GuLoader)
ssdeep: 1536:rsqDrdLtweCvZ1EgSb9t4nwDwv6gKXQMlzTWATp/aD2GM9M3GLJ3uFFkCC4I/7Tg:r3rdh3M4geEJKAMlzTWATp/eZYM3GF3I
Threatray: 1'145 similar samples on MalwareBazaar
TLSH: A4932A137C289E25C0A52EF17C13A88627167C14BB441E7F2295FFBEFA705A23C69716
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1AG0iiG6PO0oFuGX_Z17A3yxDISg7vfQy

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-05 19:36:08 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e (this sample)

Delivery method: Distributed via e-mail attachment

Comments