MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cabdb16b578bbd7855d7d244a8bb49dd9542232804e22a809ff1b1805f35e976. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cabdb16b578bbd7855d7d244a8bb49dd9542232804e22a809ff1b1805f35e976
SHA3-384 hash: 08451b285230fdb674be1c83f305915c7073d2d81cb2251c4b2789c0180d7c0fee6e8a02e0c11db6ce9e4fcb6fb19370
SHA1 hash: ca5cf09fdce689e30f96882b6837b882f527bd22
MD5 hash: ae02be1683efbe54da85a9ae6740c88d
humanhash: purple-moon-mockingbird-oxygen
File name:ae02be1683efbe54da85a9ae6740c88d.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-01 10:50:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3239d0c1fff6db13c4b913b039add270 (1 x GuLoader)
ssdeep 768:MKXukNssKf3ujLkNOi7pqQfUrTrFlGTEvfgqfAj3egwUnUq:MK+o0fczc/2WTF39w
Threatray 1'059 similar samples on MalwareBazaar
TLSH E673192DBF588165F8454AB11959E15AB726BC3254029F0F73007E6AA836E8BFCF0737
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://cmdtech.com.vn/MY_XXX_VUVHawg214.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5521/
Detection(s):
Win.Dropper.NetWire-7993073-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 11:35:42 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zk63c22xro6xqvox2jckro2j3wkueiziatrcvae76gyyaxzv5f3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
32988d9efdef04149dafb7aad85acfc026b906452b1c6a11b5e8402157d20691
GuLoader
57bb966172a1d6bc994a682ef5da9b8b8fdabef539f44024c7e9368e6416d457
GuLoader
6d043b33b33e6baaf7514b9ca56f8dbd8aa57bc71a9040bf438bc780c1a4ad5f
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
748970d868ca12ef96a98cad33b9f3c7bf7ab20ce2e595d4fdaab152e50b29c8
GuLoader
8507e59e99aeecfdf0c8da8742848a0773c3493d038caef65a04bbe6969dffb7
GuLoader
8db887fade310b044bf413542735e42ea639ba015a1442c1efaac57f6c37628b
GuLoader
c1f31495b3b0b03ae468812206b77f23aa3513c00a2a647a3bddca6c0aedf215
GuLoader
ca29da046b516565cd41c9bb5d9ba29f8a8f9f7fc5d64a42a46b276c55874074
GuLoader
d99947df7b80d4cf1f998cd4c205df67be0afc6ab0d9b4d92988b1aeccc1bf0c
GuLoader
+ 1'049 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lhhw9dsh2n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe cabdb16b578bbd7855d7d244a8bb49dd9542232804e22a809ff1b1805f35e976

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/371510/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/5521/

Comments