MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
SHA3-384 hash:	5092459b84ad2d0c7a1eb588c3efccf54bf272a3e13de5d5387c193d2c9285ca95e4f6ac68b0e65c41c52e2e7d745e3f
SHA1 hash:	48e6f86cce3498657830b5976380023c3380f1fc
MD5 hash:	967bda63be01726d9e336921c49d4304
humanhash:	gee-sodium-zebra-fillet
File name:	TNT Original Invoice_pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	110'592 bytes
First seen:	2020-06-03 04:13:30 UTC
Last seen:	2020-06-03 09:40:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	06b10798d523e42e4ecdd86d55701387 (1 x GuLoader)
ssdeep	1536:ESPfxV40B0SRzAZiM+jkgrKHxLdGKc+o0FDHdZ1gI1H8XXUiZHk2xmMtMGadX:FPXBps2KVdhjFD9z5cXzttiX
Threatray	1'979 similar samples on MalwareBazaar
TLSH	70B37B07ED4D8623C1144BBD2D429EBC3B0DA91D09006BEF7579AEAFAE316821C9711F
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

4

# of downloads :

68

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/6227/

Detection(s):

Win.Dropper.NetWire-7996875-0

Win.Malware.Razy-7997182-0

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-06-03 04:35:38 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

26 of 48 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=53cg2zn6bgug6joishkgezy2piftcqhojkfgvqfj7j7byvviznaa._file

Verdict:

malicious

Label(s):

lokipasswordstealer(pws)

guloader

Similar samples:

0f9f76e8ffa64b600745b99b8f7b51cfa151299424e6523995c6c0bcd7a5cd6b

136951ab2919602366049b534cc5159e1d6da7bc46a9131ce292dcefaf05c449

439b4bf202d997d215433860e0b2e2ccf9a53dde53f3c4a0482450d4550c4edf

a604cb5bd365ad6662b63b91c891d9af6c02a4fd89d29d6ad775d9401b31ac14

ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439

ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49

b584d8b69ef7c3f2689e4cecbec9932b84ca55e03c87b1aa9a9b9f56a1ba6c94

bee2e75a7187b8d59c62e37425a14998512cdc6d5cf0023151ad071f0750f4c7

f96524898a01e5bad30e3d007cd96ba787a25419141210042df0bff2afab6a02

fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0

+ 1'969 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-b9mbw8llfn/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 7de6b095abcd50f8f674b3772462c509fee2144e930a3ccb14d2f5117954a216

exe eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40

(this sample)

Dropped by

MD5 084faea18d7ec3024b7f15b2cb7e79f4

Dropped by

SHA256 7de6b095abcd50f8f674b3772462c509fee2144e930a3ccb14d2f5117954a216

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/6227/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample