MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df
SHA3-384 hash: f15a5a5d6353a14c3820a70a3b2f09435867bd26583d00c0b5257b1def0938aab006c08d48b1e1e8ae4b8622b66dc5e0
SHA1 hash: 5b6eeb4efd83f142e2981541306773b8a961dd24
MD5 hash: 2e9154cd709eaf31c9774880f2df0728
humanhash: mexico-kansas-venus-neptune
File name:Fimrecellerneha4.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-08-14 09:35:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 19fa7d1f9041d2a260f5289829e3f7b6 (3 x GuLoader)
ssdeep 1536:XatPVJGOwlFtATVrH6pS6UihxlfFfU3sT:XatoKapS6UGfX
Threatray 2 similar samples on MalwareBazaar
TLSH 1643E66768F4A13AEB1B4FB21B245BA8034E7E341422CC03E9873B595AF7E45953132F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

From: Komat Korea ltd <info@uk.flightmax.nl>
Subject: Urgent production request
Attachment: Requested Materials List_20200429_1..rar (contains "Fimrecellerneha4.exe")

GuLoader payload URL:
http://ilobabascity.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin%20K_hfbOkwSdoC13.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45721/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/429224
Signature
Potential malicious icon found
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 09:37:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5dhc7smtnfl6kvriat46okrob6llnadalfd2xhvjzcavjcvp23pq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
c444900170cfcfffd0053d55120ef3de1a37aef88ce5a927a3312b54411a4032
GuLoader
e261dff0d343917a991d8a85c2cc852008b3a9ab5a7ea0e088b2b54a83c9147d
GuLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200814-hrgn2ewdrx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 0715cda8a36e88fd3292d68b3070bac566e977747ef1eab23380e83e8c7a9b48

GuLoader

Executable exe e8ce2fc9936957e5562804f9e72a2e0f96b680605947ab9ea9c881548aafd6df

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/432984/
  
Dropped by
MD5 b71466702d04ada0b4465f6514df2819
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/45721/
  
Dropped by
SHA256 0715cda8a36e88fd3292d68b3070bac566e977747ef1eab23380e83e8c7a9b48

Comments