MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25
SHA3-384 hash: bd18535fd6dbefc5646fb170ddc9f822268c99744d741cde858ee80547154ee06e4f429b33f8d377ab80207611460467
SHA1 hash: aee6488508faab55f7477b605c2ffded19e0fea9
MD5 hash: 1e4b8ce767de4bbcbeab2ea91694a287
humanhash: solar-oxygen-pip-solar
File name:CUBMASTER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-05-28 07:34:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 69be9e3c41d4ad37675f2a02b604723f (2 x GuLoader)
ssdeep 768:vnB3z2zCa2jbAqwsNi+p/1LNBe8twyD725:vB3z2zChnAFstLXwZ5
Threatray 917 similar samples on MalwareBazaar
TLSH D953075BF6B99472E66043B55EB18BD8057BFC300C169A0338C53F5F6A73A848E0679B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Ja Zhou <Ja@yuntong-batt.co>
Subject: Re: New trial Order #28487
Attachment: CUBMASTER.rar (contains "CUBMASTER.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uB50KsLtYHfMJvR4D3iNQ8RphMBoD1zh

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5837/
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.50245.4679.8848.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:38:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
13 of 31 (41.94%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
GuLoader
7c8b54cacdd83b95eeabcc825a195e5b46925fc0c91af6bdd9a9c5ff9005e29c
GuLoader
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
GuLoader
994655b2cfd0979f7b96ae1f4423510633a82adf92fa6486dfd2f3243e96618d
GuLoader
9f2db3c39e19066111590682924d0c124e83b13c1acebca4059722d8e7fc649c
GuLoader
a0c5ec02160570545c6eb2b81cbff1db49cbce0d90ba6e567b42e1a3e3a7076c
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
e8f0dd4a951cb42729e34171301bf46bd708a8c1c1c0b5b7daf2ed9036b97cca
GuLoader
f8bafa64755f10484342423a2069ab6f9f817065b1f6bd45db2032677c64b7ad
GuLoader
+ 907 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-vlhly25hra/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar c98b1914beb862e9aaa7d4cb1ef408d5b0e4a74ed0ab91e4b3235bf7197097d6

GuLoader

Executable exe c804f5f16c0a482839a2b519a7f7d5183d9b3e12bdcce8bc36d7463294668c25

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/370298/
  
Dropped by
MD5 8e330e69f78e1762ac7e8fe55cd0b7bd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c98b1914beb862e9aaa7d4cb1ef408d5b0e4a74ed0ab91e4b3235bf7197097d6
Cape
Cape
https://www.capesandbox.com/analysis/5837/

Comments