MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd5078b8e00c23e3396bf5b38e6df45d329bdc62b441723d39f732780d1e8f2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd5078b8e00c23e3396bf5b38e6df45d329bdc62b441723d39f732780d1e8f2e
SHA3-384 hash: 17349dd1a57657667955f4ede49e2eb8a70214f9f8ea43915e4b97dff1085533fbde80df07038c1ac5a6796c1353e51c
SHA1 hash: 00f0fb5330a23115f2d5cc24f18fb1dbb9f8e730
MD5 hash: 26b535dd328bdfe708a4945b355e800a
humanhash: alabama-hot-pasta-early
File name:INVOICE__28042020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2020-05-27 18:26:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0374bb74c15ba2bdac8445ef78240604 (1 x GuLoader)
ssdeep 1536:8YM1PNn0UOvg8Oe2tuaVnCr7Dl0kmuPnWpZZsnqfMF8i:8vPNHEg8B2tCrXC4/WzZeqfq
Threatray 768 similar samples on MalwareBazaar
TLSH 64E385127EDAAC7DD1893EF1BC9968962A062C10BF00176F62C5FB7D72318E16C51B1E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.errantas.com
Sending IP: 45.95.169.152
From: sales1 <noreply@pleng.net>
Reply-To: noreply@pleng.net
Subject: RE: RE: Invoice overdue for April, 28 (lastmonth)
Attachment: INVOICE__28042020.exe

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1EDZZoKfDpAY3GE_kUR9Jao6nf9q7ipf8

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5774/
Detection(s):
Sanesecurity.Rogue.0hr.20200527-1504.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:39 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
5f9b8ce62abc0d49b1bb253bd51286151a8b3d3f09fdb9e37cd964f80df26669
GuLoader
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
GuLoader
610ab1c6d1d8f59195b85cc6bfb496adb9e6ce8d2f4e6764b84eae8bb5ae2cc9
GuLoader
8e8c9171f64a457ec20c222a545fece4a897e08b1863e5c8f3c2a0086b5fbff5
GuLoader
a45d9c8d3f5ceb809b8ee497e806d29d6e379ae0603aea8b733096afcf86bdcc
GuLoader
aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37
GuLoader
b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5
GuLoader
c9dae8af9343e2bb59a9c6cbfa04b09bcbffe2a75893d797ec2a9c50c6253afe
GuLoader
ff8da3f9d4933d6a6b600d3b34e2fad0e00d9a82cb056a33ed030c16d75a944a
GuLoader
+ 758 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ee3nkhbvrn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe bd5078b8e00c23e3396bf5b38e6df45d329bdc62b441723d39f732780d1e8f2e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370060/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5774/

Comments