MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e
SHA3-384 hash: a1145c466676e9dd053e7862756ed1808ee95fbe446d4b266736cd2db9a62ee0a74e4be7233702863148fac40f9541b1
SHA1 hash: c9ae67469ca650596aea56723e1a93d506aef8a5
MD5 hash: 5fb2d3b0d3fad52e6be65001a61cb6d2
humanhash: sierra-single-blue-ceiling
File name:PO_1174184.XLS.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-26 07:34:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 193f7efcc4b0d870d6a101ddb95580c9 (1 x GuLoader)
ssdeep 1536:Z+ZX7KN9GSEM+KSGia09tF+n/15V1lmfmFYZ:Z+Z2NgSEM+KlmEe
Threatray 774 similar samples on MalwareBazaar
TLSH 7AB3E8537EE4CCB1EEB54BB20C724AA84F3BBC510C914F03364AB74D563B58A29A9375
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: icpgroup.com
Sending IP: 37.49.230.137
From: Purchase <jalvarez@icpgroup.com>
Subject: Purchase order: 1174184
Attachment: PO_1174184.XLS.zip (contains "PO_1174184.XLS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LrP3bbTBd3gWEFVsd55cSLffB_7w_1uW

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5627/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 16:06:03 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0844334598a3afd4d6c303956a1e56247c59e369b837b71ff31a55d1b404a4bc
GuLoader
2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46
GuLoader
2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331
GuLoader
42895dc552049d3cfd80ced83d8e2fbfc30adc3799e3748aa5f9e7df32373a58
GuLoader
4408001ae2b6c11aa2c25f77fea7d8c2118d7eac3f8409246be40b7549b408d0
GuLoader
8e01834fb94698ea94b41965f1847d283f14daaad211d567ee199b6b2caa0992
GuLoader
c2fdcd6737639defbb98a8cb6d0799f59644599d77b0d8bb231a64dfba2a26db
GuLoader
c3242f5a544110304212594891c9f8bb0c2e61f29d904271a09f5b0f94437348
GuLoader
d471a26ba030922f886a2ec9556784f9e38f07f8ae43281b7191fd7a34ef9750
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 764 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-tqf4fcvl7s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1f8be56475ab19337da51d7da4b304611a8310f23f522df41a67c82f378ae08c

GuLoader

Executable exe da512b133967f3db61051f84669d6fadf309e53ac72906d581e8bb72851d726e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368646/
  
Dropped by
MD5 b7bf2f2266a36decb9630d15bb14bf8d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1f8be56475ab19337da51d7da4b304611a8310f23f522df41a67c82f378ae08c
Cape
Cape
https://www.capesandbox.com/analysis/5627/

Comments