MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8e693957ed5178a7f00b1c5705dae298b7e04da07d5c154a6580c031369d6ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8e693957ed5178a7f00b1c5705dae298b7e04da07d5c154a6580c031369d6ab
SHA3-384 hash: 204022510bd6c19c4c7569aa206a6cb978d1172dc6ee07576301825206cd8a824a47afae8a64d58293afd004641d31b6
SHA1 hash: fc7745c297f1850ae13c578e59d87d26c4e1b68c
MD5 hash: d3e6b625edf7905cfe67887384fec7f4
humanhash: autumn-october-juliet-winner
File name:Colloc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-06 06:08:45 UTC
Last seen:2020-05-06 07:05:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1eeb7e5b1a3b0199109426abccddc7ca (2 x GuLoader)
ssdeep 1536:+KbjOYA3+66W8SoHS1zJYvkcbTqVUy8b+y:LjfSXYMgTUUDay
Threatray 324 similar samples on MalwareBazaar
TLSH 70B30A946AA0DC13E15879B2EB90F15DE7A5AC356831960732C2734A5F369C2EF3132F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AC.8089.1181.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 04:00:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3dtjhfl62ulyu7yawhcxaxnofgfx4bg2a7k4cvfglagage3j22vq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
167d491785e99c6aec1e23ef064eceb9e7ac81af33262d7e3d3e51cc8759ce70
GuLoader
4860f303cff9925131edb7ce8b5ac727869bf318a88aecb3a31a258f2679de5c
GuLoader
552f8a15f83c9c40034cbada93c326a24b8677d7413e8395bfd7f3a6461d33b3
GuLoader
83e97420dbe39c6e29e2ae3dad80f21afe93d1b6ea88962a89762cd64772db41
GuLoader
aff13266e5803a58effdba6e01d44dd6b083db453a0dbf2528f5e729d33918fe
GuLoader
c0a66966676974f8b853ba487eb3e06e8952ccb0f9d6930bf2d1c67293ee21f1
GuLoader
d025b24f7179db8dcc6dda416f90220e9559dde564a5b24c0dc7a02fc823c97c
GuLoader
eb69f1b5d596096808339dd39376f1685bf94376491a8df091c9a788d0dc1ef9
GuLoader
f17c37c6d5e56b96e7d603d1eafcb885b8c229cd1a6ec1d669b1dadcce59bdef
GuLoader
f85b3852381cfbabd654be01a21ffbb798a0feaa3f360fff66f27d499c174898
GuLoader
+ 314 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7whkrphbdj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe d8e693957ed5178a7f00b1c5705dae298b7e04da07d5c154a6580c031369d6ab

(this sample)

GuLoader

rar bbefca4819ed3b52a0645e5af635678a0b7290ffa6e5d0b3dfa1b38b30bf6c66

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bbefca4819ed3b52a0645e5af635678a0b7290ffa6e5d0b3dfa1b38b30bf6c66
  
Dropping
MD5 0b5b772fc0b9230370a65af587a559c7

Comments