MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
SHA3-384 hash: 998b8b4d30b27c8b91b779c76e0ff2a89613e705a734474ef5899f0722bfd6e7339ac090ecc5016be2473be47472f627
SHA1 hash: 084bd58c893fa819b2a8677ac84da1c4cd046add
MD5 hash: 103e732e62ffbcf48dff65ad9329cc23
humanhash: jersey-twelve-yellow-mirror
File name: Laityrigsf.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-06-03 13:05:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff382eefdb4feaa69ce6df681d9daac3 (1 x GuLoader)
ssdeep: 1536:INSPfxV40tvAaikgrKHxLdGKc+o0FDHdZ1gI0XZkuR3Eosy4O/jM:1PXSaMKVdhjFD9zgXNOyvjM
Threatray: 1'048 similar samples on MalwareBazaar
TLSH: B5B37A13EC0D8613D15447BC3D569EBA7B1DA90D09019BDF7039AEEFAE352822CA711E
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.richermoren.tk
Sending IP: 64.52.164.202
From: HABIBULLAH ASSOCIATES (PRIVATE) LIMITED. <ubacen@richermoren.tk>
Subject: 回复: 回复: LC DRAFT -- USD 7,470
Attachment: LC DRAFT -- USD 7,470_images_.rar (contains "Laityrigsf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=14a66mMWwuVQ32Dv5jZI2oHaPF_IfjDDz

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-03 10:34:18 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca (this sample)

Delivery method: Distributed via e-mail attachment

Comments