MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5fdf6585b3afb5b8b4692779e722f9e36a9cb63611713eade2ab1063ed0bab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5fdf6585b3afb5b8b4692779e722f9e36a9cb63611713eade2ab1063ed0bab6
SHA3-384 hash: 673784a0905c8562560bb909f147228cfd8f79fdd6f244f477fcac40b2c4741fb3974889071a56ad66e865b5c3d3baf4
SHA1 hash: ca316e34835a78672c5bfc7463e4365a4a1fc54e
MD5 hash: 86e31591512a41b19186cc52c12339cc
humanhash: five-lake-red-october
File name:Detalles del pago.pdf.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-06-05 19:34:39 UTC
Last seen:2020-06-05 21:00:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7ba2c22a15b83f7c72be03dc2e7ed75d (1 x GuLoader)
ssdeep 1536:8zDrdLtwe4R8wDwvEtMjTpSKIP6J6DfdS7Kn8:Qrdh8hE8+jT0KYDKM8
Threatray 816 similar samples on MalwareBazaar
TLSH FF932A17AC29AD25C0A52FF17C26A84627066C14BB541EAF11C8FFBDFA705E23C56B07
Reporter abuse_ch
Tags:bat GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Manuel De Anda <manuel@romindustrial.com>
Reply-To: Manuel De Anda <manuel@romidustrial.com>
Subject: Re: "Muy urgente" PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1bxW5qXdIr-dnjikh9Nn5-obkx4UpHfIj

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6813/
Detection(s):
SecuriteInfo.com.CLASSIC.32581.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 18:11:45 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2x67mwc3hl5vxc2gsj3z44rpty3kts3dmelrh2w6fkyqmpwqxk3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
093e7cd7215e4c58cde245f8febd7ae91c79e3d01786e8166b6627536415dad2
GuLoader
2ea7c45996858960ac08d2362470f439e40f3b40f768db40cc8263ada70a8bf4
GuLoader
349a52b2d011c6f570d87ca4706a644c0f4ab8a6b96decd522c2fd789ecf50ac
GuLoader
73e1d44799f6f7dff81192f5a25a8fc978f3e1aaf5c94856a94ccc43ef2fc888
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
8eeb849d5c8c4f3e9e1d2e6bd4f1de00f3c709555c5be74534063372dc4ffa6e
GuLoader
aef1b48a6c4077dd71346018f0fbbf86239a35f34babf980e4469da9ddbf42ac
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
f8dec47c69d225551ae101236be38ea50944b01e14f64a8e5d4758c8e20ec6bb
GuLoader
+ 806 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-nj5rv3l8ne/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz c2d6d9d278b26448acea46835cbee5801eb3869e84cc7db370cc81be1db5c61a

GuLoader

Executable exe d5fdf6585b3afb5b8b4692779e722f9e36a9cb63611713eade2ab1063ed0bab6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/382344/
  
Dropped by
MD5 611da32aa35b16e2220036cdda1749bd
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c2d6d9d278b26448acea46835cbee5801eb3869e84cc7db370cc81be1db5c61a
Cape
Cape
https://www.capesandbox.com/analysis/6813/

Comments