MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfec171794d932015209d2b654f3616dd552e400013931ca1a07b302a096abc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfec171794d932015209d2b654f3616dd552e400013931ca1a07b302a096abc8
SHA3-384 hash: b5aad6003f130520261b39af5571f1635c03d573e7801fa352f34d41c840bfa014ea6416e780a89f13efcd9bcc331174
SHA1 hash: 48c46882dd36bf558060c2067bd7c09df3bbb725
MD5 hash: b3ee3b282f6c6d47abb44c298b390a5b
humanhash: high-mountain-nuts-wolfram
File name:b3ee3b282f6c6d47abb44c298b390a5b.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-08 09:33:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e65ace0c1033363c18ae008b2953f96 (1 x GuLoader)
ssdeep 3072:7rdhIsEPEVpZjl5C5jq9o3WF2nzxjRhoYgzd:7dEPrpy
Threatray 674 similar samples on MalwareBazaar
TLSH 32B3A31BA959BC2DD1C97DF4BC25A89713163C14AB44A6BE52C0FBBCB630AB27C11707
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://5.206.227.100/private/lambo.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6881/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33971095.2844.29410.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 17:23:01 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7wbof4u3ezacuqj2k3fj43bnxkvfzaaae4tdsq2a6zqfiewvpea._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
01409a8c1a4815214036cdac1796e2a6b680f7149b2117346a1f01b809a18754
GuLoader
1f057ca53fc065ca47ae62409af791cdd7c422a1080a4e4f7985987725ab9350
GuLoader
2c0fc1518735d0f354fbed168c2f96d51cfa0e0ebf2dac3f7179a0b5b462e5a9
GuLoader
512a9dbd3e78c1932f14c8ce9c0177b3ca40564928ad75280b1a2448b0a353f6
GuLoader
7294bdc3333d08ac9c2397b3555c0126928c13600b23de09f21841cfee83f55a
GuLoader
8092f7adff425c2972f2716e2d31fedb1057c692eb8f0d4ca65d1a97537932a7
GuLoader
885345d6e648c3ed211fcd7f23a0a4207b8f8f90226cf2dbd8325e8ec8e2ae80
GuLoader
8eaac79108455d13b9ba6696108a2f5a734c02463b208a5d399d3a70ea792498
GuLoader
beb2824122982ae356642d0d46c7fba54424687558a35df7e0b22263f9587332
GuLoader
fc51957298f981557d270415f537221f6ed34313a7ff59982e1a1f8366f30b48
GuLoader
+ 664 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe cfec171794d932015209d2b654f3616dd552e400013931ca1a07b302a096abc8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382086/
  
URLhaus
https://urlhaus.abuse.ch/url/382933/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/6881/

Comments