MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72
SHA3-384 hash: 711e8827889f0cece62b5bddc59637a4052bcd0d38fab97e7f9c12c2bd743379ff5790cd65a83162a39da17d3770d163
SHA1 hash: f90507008ff59289dbcfb1dfd54c59b9bf16e399
MD5 hash: 76bfe19b1ba7154bbaa04e69676cb905
humanhash: burger-edward-mirror-timing
File name:rechnung.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2020-06-10 12:36:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6fed7c27b28f190f0df9c0133e3243e2 (1 x GuLoader)
ssdeep 768:bbS/tEfq4d4DdewLoydg61pjsnGFk091X+0bbM5BgdQcNYjaAfe5s4TOKm8:bS94d4xRkOgMpsn0/7rbKBsNYjmRp
Threatray 33 similar samples on MalwareBazaar
TLSH BC637C1F7E08D593F23A46B01463A6A11767AC1C8E00BE4B2E9CBE1E95311D6BDF721D
Reporter abuse_ch
Tags:DEU exe geo GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: dd25616.kasserver.com
Sending IP: 85.13.144.200
From: info@autoglas-gevelsberg.de
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 10-06-20 Rechnung_20-613129926-001
Attachment: invoice.zip (contains "rechnung.exe")

GuLoader payload URL:
http://156.96.118.179/slxslx-2RAW_gwKBF147.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/7545/
Detection(s):
SecuriteInfo.com.CLASSIC.6555.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 09:29:16 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5kztcraf7evomtuhgz37rqxuprwrw2wkwfhd7grh4nma3wcatnza._file
Verdict:
malicious
Similar samples:
0d6ae470c3a3700a88b9a1c42d6216e0e0dd9ba7005c3fe8c7cdaa1108408fab
GuLoader
2090709916a41cfe9ae1ebf1fd4e1dc13803e1cbefac6b796a79311cb5a95e2b
GuLoader
573e0b24a46f4c80e6e20d935166a5cbe9bfb3c9704831ac3d2f12ed704290c6
GuLoader
5f71fa1115c8ddafbe4215ab9b5a69966385bf38bbf033c9c06d6dbaa15abb41
GuLoader
8e8ca471a9f9af066d0c6bc50224b2a42047babcf74fefa7a2746e2177148743
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
GuLoader
e3936d05a6f6931946763895cb68f9afc1708643c41c78a179dce0b87f3abc08
GuLoader
f6d45dfe2df55a795c38882a4b7505efcf2ba8af52e065973c5522cecd5099da
GuLoader
f83a6bef755f005fcc8ac28da9b41ab4aa94d06d43543b7dfef4ff157b75226e
GuLoader
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-15kzjdsxhx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2383960397d781bb36386719e1738ea6f0af2b3c57883cea524fcb636213d74b

GuLoader

Executable exe eab3314405f92ae64e873677f8c2f47c6d1b6acab14e3f9a27e3580dd8409b72

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374619/
  
Dropped by
MD5 3581f70b136373a93c7010847d992bec
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 2383960397d781bb36386719e1738ea6f0af2b3c57883cea524fcb636213d74b
Cape
Cape
https://www.capesandbox.com/analysis/7545/

Comments