MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baac62cc67ed22d7050679d7f8ce4bdd6275bc3e4cf835034d596073768192a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: baac62cc67ed22d7050679d7f8ce4bdd6275bc3e4cf835034d596073768192a8
SHA3-384 hash: e1ef81018d6bf222660367b4e77aef71f5cc8348ecd5e57aaeee174f270fa2c2f554c46497c8cf0899c1c1a4eeac0885
SHA1 hash: d8dd190805faa90561ec385e5ee1e96835c2ea8a
MD5 hash: ef7ef7eb1a2545c7bdfae24c8022aee7
humanhash: sink-august-blossom-skylark
File name:TNT Original Invoice.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-04 07:49:29 UTC
Last seen:2020-06-04 08:02:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 67b89ca44ac1e64c06718e33e1e7e1e6 (1 x GuLoader)
ssdeep 1536:tlSPfxV40bzSUDTPgvztBV0XkgrKHxLdGKc+o0FDHdZ1gIanT9iu4dcd9Q7r:qPXbTfYTcKVdhjFD9zY3E
Threatray 887 similar samples on MalwareBazaar
TLSH 66B36B07EC8C8653D1558BBD2D578DB97B1CB90D49001BDFB1396EAFAD312822C9B21E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6503/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 05:46:05 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xkwgftdh5urnobigphl7rtsl3vrhlpb6jt4dka2nlfqhg5ubskua._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e
GuLoader
4320e2bf2bc6115ae79a52777bdd9aef62db691a756640f9c7fa6e8372e46193
GuLoader
508f200677afcf864fc716ca89f7c840df97a76c6dbe3d58dabd12afb222f550
GuLoader
52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
ad3cc0c05d4a7f42dba42a7bc414b78d50e3279d4ac40cdeda7d893c50020231
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c1ccf8689de88be32890345e454df2f1fa90e1e4033c0f63425001af42f7aef5
GuLoader
dbf51889fb95ed46a824128ef165335d4662021bd8974f850e168478b77fe3cc
GuLoader
+ 877 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-6cg4nsawce/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace c762dbd3b365a1667ceb03542b03eb873ad74aa4861c6fd29b47562e20aa56a9

GuLoader

Executable exe baac62cc67ed22d7050679d7f8ce4bdd6275bc3e4cf835034d596073768192a8

(this sample)

  
Dropped by
MD5 a4d07514728f958ed695f0ce36b895b3
  
Dropped by
SHA256 c762dbd3b365a1667ceb03542b03eb873ad74aa4861c6fd29b47562e20aa56a9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6503/

Comments