MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8dda9e99f125c3ecf5c3ae873ac202105208fd0aafbdcec927005343f02f71d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8dda9e99f125c3ecf5c3ae873ac202105208fd0aafbdcec927005343f02f71d
SHA3-384 hash: d5b77fcdc786ba789183ee42c314aa0e077f87cceb9e8f74b08437eedceeb307363bf58a36367848008c1f68903ea9de
SHA1 hash: 9e5217f82cd52562bc9faa5f726705c64a41c0bc
MD5 hash: 46a42c488d80f309a2af3f239745ac6b
humanhash: nevada-november-bulldog-alpha
File name:eInvoicing_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-06-03 13:17:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bd50e7824cd3bf7ae401667868d107e5 (1 x GuLoader)
ssdeep 1536:dSPfxV40woPkgrKHxLdGKc+o0FDHdZ1gIFXWrVMVqZ1btOlL:4PXrPKVdhjFD9zwMqZSlL
Threatray 1'409 similar samples on MalwareBazaar
TLSH A2B38D03EF4C8553D1888FFD2D139D797A1CA9490C445BEF22B56D9AAD31A832C9F21E
Reporter abuse_ch
Tags:exe GuLoader TNT


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.469.celumltd.casa
Sending IP: 139.59.65.223
From: eInvoicing<support@tnt.com>
Subject: TNT Original Invoice
Attachment: eInvoicing_pdf.gz (contains "eInvoicing_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1E-TEnTkl7iCuxnwomebx5928JG2jmkV9

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6307/
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:38:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5do2t2m7cjod5t24hluhhlbaeecsbd6qvl55z3esoactipyc64oq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ad4f6db3a7a39ce0c3df5c2424f572c6a24645cd6c40e4446843dba3e646a12
GuLoader
3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7
GuLoader
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
GuLoader
52f217cdebe83217297bedc352fac2e475e293e6cad52a1335b3641eeb8c412b
GuLoader
5e511d66664d13e1276eb5d08ea2e48e004a614d114f2b35c2a742912694dfd7
GuLoader
79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8
GuLoader
a465bb38250994671f200d8c66cfc0718354bc8974713ba6f9f3eb15a4acec7d
GuLoader
bc7549c1281f3ce45abcaad7408522374c97421e9031998b7959bd5e59b27a93
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
f060225054513f81f7600706174134f5bed19ede10f3134f59514542305c7f2b
GuLoader
+ 1'399 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-s4s99f4ee6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz f2c4db40f120a49cc9966e9b901a6e26827ab127a47f98ee33ed70426b3fcb8f

GuLoader

Executable exe e8dda9e99f125c3ecf5c3ae873ac202105208fd0aafbdcec927005343f02f71d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376184/
  
Dropped by
MD5 e1a3e7b10b9f45257fcfed1451338797
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f2c4db40f120a49cc9966e9b901a6e26827ab127a47f98ee33ed70426b3fcb8f
Cape
Cape
https://www.capesandbox.com/analysis/6307/

Comments