MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa2704a2b401f4c80b73ace6206085d92b23e4a7b31147ee64f749b08631f8c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa2704a2b401f4c80b73ace6206085d92b23e4a7b31147ee64f749b08631f8c7
SHA3-384 hash: e9109bfc0e018d61775cb471c061865ca44def92a64ef651040e675fd2e7acea113d8046d8d4b1e25eb7ddbefb060250
SHA1 hash: caed33a3a01ed68eaae62cfe8d840fc458f5bfc7
MD5 hash: c01dc430dccf1e5dba73361240c3cee0
humanhash: west-cup-equal-twelve
File name:MT103SWIFT002.pif
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 12:05:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f2226b54ffab5754199c6506ce6c6b56 (1 x GuLoader)
ssdeep 1536:r0ysFY6TjMcx7D+sZdp0goKKyhxCVHF+2:FxuQcxBVnryHF+
Threatray 784 similar samples on MalwareBazaar
TLSH 0B73AF0BAC04D5A6F01042B17DD3979A23172A685E42AE5B3B9D6F9FEC305C36CF521E
Reporter abuse_ch
Tags:GuLoader pif


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mana1.bbconstruction.online
Sending IP: 104.168.170.170
From: Mary Ann <contact@bbconstruction.online>
Reply-To: Mary Ann <ann956844@gmail.com>
Subject: RE: Payment Update
Attachment: Attachments.zip (contains "MT103SWIFT002.pif")

GuLoader payload URL:
https://drive.google.com/uc?/export=download&id=1ZcuTWiAVMvQJ6KV3-eomkgJbWSflc00H

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Remcos
Create hunting rule
Link:
https://www.capesandbox.com/analysis/6999/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.3027.23095.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:07:11 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7itqjivuah2mqc3tvttcayef3evshzfhwmiup3te65e3bbrr7ddq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
07f21e8acc3843aa44347b928c180902577a40850a8c671065920cb81ea8beb3
GuLoader
0a682307d22d40a846815f740a4d827f3ffb63f93868de95da5d17a628c00f39
GuLoader
615b9395be665d265953e69924b4df1808eda0fd40381d6d469bf4c362590125
GuLoader
765500e5e5af3c7320a36073ad19d4ba4bd15a21a5c65e2ed61eabfc428244c7
GuLoader
79f98a45cdf0776c1ae83a4b027ded395fe8dfc4b520f51706fc7207b1e4c630
GuLoader
9b04212fb1aeea566fe8268a73e7449addf9fc0c09dbebec6fae9cebae9834c3
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
e83cb09eb3d37595a1840cd716ef1e64e2d3d564147e32fcd10564cf43f5b32c
GuLoader
f8dec47c69d225551ae101236be38ea50944b01e14f64a8e5d4758c8e20ec6bb
GuLoader
fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2
GuLoader
+ 774 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-npvzfd8qge/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip c374f75d17d6b5f497d2d57ce5e39be48434638a2e6cb0d995dd8a325f5db102

GuLoader

Executable exe fa2704a2b401f4c80b73ace6206085d92b23e4a7b31147ee64f749b08631f8c7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383083/
  
Dropped by
MD5 cc180c52d1a9a7c50fba09e5d039f2d7
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6999/
  
Dropped by
SHA256 c374f75d17d6b5f497d2d57ce5e39be48434638a2e6cb0d995dd8a325f5db102

Comments