MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7e975690cea31ddff67f92f89ee45cf24f09d9e3f7e91b8f3ee6305d23e52d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d7e975690cea31ddff67f92f89ee45cf24f09d9e3f7e91b8f3ee6305d23e52d5
SHA3-384 hash:	4cbb927cca4db35501a0b761d09427f66f6052496a7946951a8047d093a5366f7d836bd5f88b96a81db1b4a8ebe27b5e
SHA1 hash:	b32687fb6dd5713583089016afb8e412fa73b29b
MD5 hash:	0281699d16d6466c44df867bc0009d56
humanhash:	cola-oklahoma-salami-bacon
File name:	Catalogue.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	131'072 bytes
First seen:	2020-06-05 13:41:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1fdb9226aae9b71cf5516a5bb8a96bc5 (1 x GuLoader)
ssdeep	3072:jWfEcuDynDs19hjEkjHotk3PV55hkXuq3pKXE9LKzp:SscuDYs1PvjIS3PV6UE9+
Threatray	5'112 similar samples on MalwareBazaar
TLSH	F3D36C032D59CB19D09569F07C936C5E36176A08AE4066BF0084AFFFBD712A1ACDA71F
Reporter	abuse_ch
Tags:	CHN exe geo GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: capitalhillfg.pw
Sending IP: 194.87.190.70
From: Mitali Shah <Mitali@capitalhillfg.pw>
Subject: 新訂單通知
Attachment: Product Catalogue.zip (contains "Catalogue.exe")

GuLoader payload URL:
http://194.87.190.89/111.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

87

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6705/

Detection(s):

Win.Malware.Guloader-8002906-0

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-05 09:27:40 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=27uxk2im5iy5373h7exyt3sfz4spbhm6h57jdoht5zrqlur6klkq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

03cba0b3813108ec932306f5aaa9d152603a834b9caf3c601722a9cda41ca194

0d271903774ae9467d80cad6fcaec4d2ea4653b8eb4c28e0a1c7dbe0849ccd01

1621dac1140afd3e3eed4b0f4ab0a93e81cd56c76e7532a0cc03d0b5a8dae04d

2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401

722c38612f58a2762ae67f38d4342c7aaa59c89c3546cbe0d69f4700b55420fa

85505333febdea8ad7713419b8ee4aa5acec7ff62a5f0e3a3649ecc89be6a681

c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0

d106f149f1605d6e64cf05b6d1208343cbf2f5a3491de4c6b05e12f77fa6ae31

d7aef406cc623d210aa08b240098e0976b28d745685385b8aee5df41e78e5e4e

f7111becb8c59613ae4843dd30281edfa7684a931100f18fe64f75364ed85bf3

+ 5'102 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-2q7hr615wn/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip dc7ef57702ca397a5696ad9fbebccf153a9574f39e538e667e5cef7e957c8988

exe d7e975690cea31ddff67f92f89ee45cf24f09d9e3f7e91b8f3ee6305d23e52d5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/382089/

Dropped by

MD5 0e9e0dbcc73118f1d0a7cd6c32260bc0

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 dc7ef57702ca397a5696ad9fbebccf153a9574f39e538e667e5cef7e957c8988

Cape

Cape

https://www.capesandbox.com/analysis/6705/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample