MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28
SHA3-384 hash: bc018455bac317404aa77c9138e845eb733144a2f1f9e0f01213cc77491b8e352331848a138c059ea0200b6e4fbe66c1
SHA1 hash: 7ba567a092e3f4773bc1dcbf21098de1e318b396
MD5 hash: 180b92af76a199b2956d5c7f180e8071
humanhash: quebec-hawaii-leopard-lactose
File name:e-dekont.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-05 13:38:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 47440788f5e8ae12aae18fb6795e2c5b (1 x GuLoader)
ssdeep 3072:4rdhd4gF/EmruZjl8myUza52zXujqb0foYSsf:4Z4gJdYAP
Threatray 947 similar samples on MalwareBazaar
TLSH 44B3732BA969BC6CD1C97DF0BC25A49713163C147B44A6BE12D0FBBCB630AE26C51707
Reporter abuse_ch
Tags:exe geo GuLoader TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.doklsa.us
Sending IP: 45.146.255.187
From: ZIRAAT BANKASI <ziraat@ileti.ziraatbank.com.tr>
Subject: e-dekont
Attachment: e-dekont.pdf.img (contains "e-dekont.pdf.exe")

GuLoader payload URL:
http://vitaltea.co.nz/ned/kris-stub_tPvCfLzh221.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6691/
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.ELXE.10163.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 13:40:06 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yaixh6ay5lyo2uymjay7lnq6eb2jr5qgyl3bcqnk7d74d33cxuua._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01f8e3741798998e9bd0a8870adba209817eaa9df6a14ab67875e8292a30c028
GuLoader
0211865d58af36be2009eb29a77a400355a4cb7b8542d6359a6fa304c3f7d935
GuLoader
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
GuLoader
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
GuLoader
6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
ac4035cfb9c8a93c294fe1911bd4cd94ce403d8cdc301fa4bf113144b40d1245
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
+ 937 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-bdlx6tx5g6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

affc5f7322e456c4c0216c2c99322cbb

GuLoader

Executable exe c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382219/
  
Dropped by
MD5 affc5f7322e456c4c0216c2c99322cbb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6691/

Comments