MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032
SHA3-384 hash: 6a3975b01a9371311075c80011d378dc9d184549c7e32d32293204435a22a440c3cb547907c505b9f3123ee406be1925
SHA1 hash: 9b641b09291a81fc5a2773bdbbc4ed4795f63ce7
MD5 hash: 2b71610966313ab3de7739e1be5535e3
humanhash: north-mirror-nineteen-shade
File name:REFERENCIA TT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-08-14 08:21:43 UTC
Last seen:2020-08-14 09:02:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 19fa7d1f9041d2a260f5289829e3f7b6 (3 x GuLoader)
ssdeep 768:U3kzcD6ohCrQPbPIN97RldiLtWDf3g/aXvsqEHkW89MjNN6kLP69pU3s/Mogr:ER6YPbPC97j3g/aU7NNGfU3s0d
Threatray 2 similar samples on MalwareBazaar
TLSH 3843F913A9B8A136DB174EB21B655BAC035AFE341560C903A8C73B6C5BF7E85A43031F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Importaciones <importaciones@simplyorange.com.mx>
Reply-To: saikevagg@yahoo.com
Subject: COPIA DE PAGO
Attachment: REFERENCIA TT.img (contains "REFERENCIA TT.exe")

GuLoader payload URL:
http://ilobabascity.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_zzAqxPek191.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45619/
Detection(s):
SecuriteInfo.com.Generic.mg.2b71610966313ab3.6916.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/428949
Signature
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 08:23:06 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yrcjaalqz7h77uafhvkredxt3yndplxyrts2sj5dgevviqi2iaza._file
Verdict:
malicious
Similar samples:
e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d
GuLoader
e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df
GuLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-rpq72he9h6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d09158250e3dd5e8ce651e38be5a20919950df753c0c3a4fe00a46a3db333e48

GuLoader

Executable exe c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/432983/
  
Dropped by
MD5 b52667f75550095d610d09b313f8aef8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45619/
  
Dropped by
SHA256 d09158250e3dd5e8ce651e38be5a20919950df753c0c3a4fe00a46a3db333e48

Comments