MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407
SHA3-384 hash: eb7df02133a8c49c1dadf8ac5f45515ad86916bb634016e168645cd0ea2e23cfc71ed25f7cd60601eae7c1e460cb6162
SHA1 hash: 5b084cc0b22882bc01936516c4316a8ddfd9f1ad
MD5 hash: 8732c83a0c91ea1dbbeb0d5e98cf5844
humanhash: fanta-cola-mockingbird-arizona
File name:Specification Sheet_20201022.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:53'248 bytes
First seen:2020-10-21 09:57:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 963bb9d13f800afecfd3184393142c7b (1 x GuLoader)
ssdeep 768:VqocQ+Zqsqb1sMY1YaFP8QQARAx1dYlVq6E:AhQ+ZBq+bPCA6x1dYWx
Threatray 2'656 similar samples on MalwareBazaar
TLSH 0C338C37E0D4A663EAC84A702E1282F95367AD322AC04F0B714C3F6E3D72EC1ED45659
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm50.hanmail.net
Sending IP: 203.133.180.238
From: (주) 해성테크 <oumingu@hanmail.net>
Subject: send product specification
Attachment: Specification Sheet_20201022_pdf.gz (contains "Specification Sheet_20201022.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/73970/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/505668
Signature
Contains functionality to hide a thread from the debugger
Creates autostart registry keys with suspicious values (likely registry only malware)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 02:00:14 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zk6sprvdswox6mj3lzzwpfrxze75ehnq43to4ptyu3k6ezagqqdq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1289d591984de5325235e57987ab171b4ae3f9d55baf3476087677805922427f
GuLoader
14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa
GuLoader
3ade913d64b215c53ea446147f59738d870c8f46e7f4cbd10b2212e804ab6f73
GuLoader
3b6460bb14fdce88ab8ec80e5cbfecbb15bbc09de1e75c51246d1c670925b340
GuLoader
50eb8b54c87303301b6614c07195bef8121ab2f99685ced448b915f9e6f0fc15
GuLoader
6964c8791bbf63ce0cf1dac7e62486fd3398d16c72774904fd3a7ca4f3957fff
GuLoader
784d9c10d108190a9e18b3d5756404a3e63fd728abd648225cbbf80c4f78fe76
GuLoader
c8e91120db97c2cc33d799fb33cefcb6e199cb68c824500f22ec8fc1736a90b4
GuLoader
d29fa6e0fa83a4332afc39315b3961e609bddc91c1b60590c82b009d20cd9f3a
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 2'646 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201021-kn6grkcvz2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407
MD5 hash:
8732c83a0c91ea1dbbeb0d5e98cf5844
SHA1 hash:
5b084cc0b22882bc01936516c4316a8ddfd9f1ad
Link:
https://www.unpac.me/results/36bb8b84-fcbf-48c0-b933-bfb2a8122f82/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 22d2c6e1ba9b7b5a2b5b4a50cac76d1d5f67d47a358e4829df2335ae717540c9

GuLoader

Executable exe cabd27c6a3959d7f313b5e73679637c93fd21db0e6e6ee3e78a6d5e264068407

(this sample)

  
Dropped by
MD5 c97e55aa3844827c5852174b426982fd
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/73970/
  
Dropped by
SHA256 22d2c6e1ba9b7b5a2b5b4a50cac76d1d5f67d47a358e4829df2335ae717540c9

Comments