MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb21e5fa44e32d9336ed5ddeb2fdbd7c90e27e0f4342101a04f87b7e4161b7a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb21e5fa44e32d9336ed5ddeb2fdbd7c90e27e0f4342101a04f87b7e4161b7a7
SHA3-384 hash: d060bd0584b9c7e03919dde88383f1f4d707f90fb60a0948d4138beddc0c31ba41e5703e73b38477a8d2dea65ee89691
SHA1 hash: 75ee6677e3c7bc691303b85aecbdb7f0706a0a05
MD5 hash: cf59777519a22ddad9baff16e52d8ae3
humanhash: vermont-summer-arizona-sixteen
File name:PO.pif
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:05:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 86b0ce8b6121bde3f7895886a52faed9 (1 x GuLoader)
ssdeep 1536:UhSPfxV40s9lX8cvggk1DHckgrKHxLdGKc+o0FDHdZ1gIZjkM25C3UhYOLb:/PXs9l89KKVdhjFD9zN4fjOOLb
Threatray 913 similar samples on MalwareBazaar
TLSH 04B38C03EC4D8543D2444BBD2C279EBD3B0DA80D0D446BEFB5755EABAE326422CA711E
Reporter abuse_ch
Tags:GuLoader pif


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.izujin-jp.com
Sending IP: 45.95.168.182
From: Mr Brian Jason <e@onethaifoods.com>
Subject: Find PO Document Attached
Attachment: PO.pif

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/bb_RcvwyLRkrS79.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6281/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 22:08:42 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zmq6l6se4mwzgnxnlxplf7n5psioe7qpinbbagqe7b5x4qlbw6tq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
1acd132956421229e7c8fabb1001381956ff135d042b339f2871763498896d9e
GuLoader
34d451e5d317cc63e89cb8b6f8c5ecb1065c5cd295a97388ae88175cee19557c
GuLoader
b1870a333468762962079f0f81ecd22f7e40e53c504dd031e999761f267bc347
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
d3595de4667f3fccf8f9aee7fd1da790646fee898a04fea1d063b927267d2de4
GuLoader
f0255e294b079746046ab33e05884561e96746033d2e1b05a268af0f8bd2f3d5
GuLoader
f3418e9ec01f4116a2ae079c709ee3c20455d66861951751474dbeb49ab75c26
GuLoader
f9389b3ae99666514bbe467217ebd46597e6d2e919f105697a152afe1da73e18
GuLoader
ffa86315bf2626a0d898bfb87783206ab4cb64b9b4c645661c644f717052ddf9
GuLoader
+ 903 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-m2g86rd4jn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe cb21e5fa44e32d9336ed5ddeb2fdbd7c90e27e0f4342101a04f87b7e4161b7a7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/375996/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6281/

Comments