MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5
SHA3-384 hash:	8d24dea6e6ec0f281e0d6b9f3d6435d5c48479e9ec8d7992301e07e049af273a213722b702bb90bcdca26d42f08bda1c
SHA1 hash:	c995eb1085e4fd1b099dbeed825dde604a8fab1c
MD5 hash:	90883738bf5de17d73b2b244acd3a125
humanhash:	two-cold-sink-black
File name:	product inquiry.scr
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-06-02 11:16:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bc2e556f01cd1bfe618fb846f08eccff (2 x GuLoader)
ssdeep	768:vqohc7416N8lBR2zFFSL2YY0Dic8aBegUsVYpDLDJSR40GrWlDg:ioFO8lLNLRDP5BrSHDJSz
Threatray	1'120 similar samples on MalwareBazaar
TLSH	E4735A07AE18DA11C1B142B16C67C7AE2F06BC1D86C65A8B384E6E17FF323E16C5D21D
Reporter	abuse_ch
Tags:	GuLoader scr

abuse_ch

Malspam distributing GuLoader:

HELO: schroder.com
Sending IP: 195.54.163.131
From: Andrea Werner<andrea.s.werner@schroder.com>
Subject: Product Inquiry
Attachment: product inquiry.rar (contains "product inquiry.scr")

GuLoader payload URL:
http://195.54.163.83/ody.bin

Intelligence

File Origin

# of uploads :

1

# of downloads :

67

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6075/

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-02 11:37:47 UTC

AV detection:

21 of 48 (43.75%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4novff5fcxo7eowgoh3bcc5y6anfsdqt2ro35ls6s3ql4qkcg22q._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298

2460c3a92796b5c40abef5471ee446623489b3c1bfb70f1015ab74961d477561

782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3

9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f

accddeb954844341b87c006344f21c50757cd228d2f071d39e8707209b1a49f9

c6d5e1fdae2634a3a2a29a8c5de69f725ebceefba86d3700bc922aac7f55a1f7

cee8a845815daa1914a89033be9f89287fab6194e8b8b700ec058013d6fa8c54

d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb

ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64

ef14e580eca50b75acae60fa7c6642fa89fc91ee8492f5193608937f4d78781b

+ 1'110 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-xepj6x9kde/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 112e4fd6e33b91c6378140c54f9f671969e1b18c4213f98d8155820e3c034e7c

exe e35d5297a515ddf23ac671f6110bb8f01a590e13d45dbeae5e96e0be414236b5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/374271/

Dropped by

MD5 df32f2508e59b0591c5990abc5d910f8

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/6075/

Dropped by

SHA256 112e4fd6e33b91c6378140c54f9f671969e1b18c4213f98d8155820e3c034e7c

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample