MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fffe29a16f9f4f06318d753e6941bd4bc57f638a8dfd212fd8212d8ee1313647. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fffe29a16f9f4f06318d753e6941bd4bc57f638a8dfd212fd8212d8ee1313647
SHA3-384 hash: ebe9f5fde95d333e0b06cc7f3e6844b22f9840f7561c109697667e5356793fc71b2e163a8a3441d863121f646f2977a2
SHA1 hash: 9ba783430b708e428e9021fb6edc1ec592aaa647
MD5 hash: 73865e218b40b0e8452c318b73cae9b8
humanhash: december-cold-crazy-xray
File name:Photo.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-06-08 09:20:43 UTC
Last seen:2020-06-08 10:22:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e1b74a70275039befdca77e53bb5d7cc (1 x GuLoader)
ssdeep 768:rysfNpuRnnPilTjATMrWUgNVvqsoZscwipTkRXQJtEWx4Be3KO+QhO55zvgJYRlj:rysFY6TjMeLgNUJhTp0goKKUQ5bj
Threatray 1'309 similar samples on MalwareBazaar
TLSH 4B73AF036C04C562F0A086B16D939B8623166D295D43AA9777C96FDFFC31AC36CA132F
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
http://5.206.227.139/tin_lGZoMeSoi88.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6970/
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.7294.18672.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:22:10 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=777ctilpt5hqmmmnou7gsqn5jpcx6y4krx6scl6yeewy5yjrgzdq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
22f105861b8c373e94d70ac51cdbc0f03e784acee57727dae0d734587c6033a7
GuLoader
290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
GuLoader
4e49f5147939257640ba4990f520c9dbe355c83b73d9deadfc8505c4a09f931d
GuLoader
76eab867aae0dcb9ec96ed5fca30fc051ac776981fa997c0b2b0e09905932aa6
GuLoader
83fc18a8a68814bb00e6d7bddbdce27ac5ffdc4dca8f57408e0db2124e4c441c
GuLoader
a8c03f50ff8217b8e4fe7e650360a566003875d0a943af2f2b3b895908872e4a
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c98091ed44cd76e438ce2e7a9c71b57d37ff45903d365162040af94fa143b9f5
GuLoader
e138e193f238741fd16716931cf287fbd71a927fa24dae8ec5eb46dca09f68f3
GuLoader
efbf4adb2b50d1284084841e1d5c1deb99a69d979fced2d2a5675fc666e3b76a
GuLoader
+ 1'299 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-jww94emncx/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe fffe29a16f9f4f06318d753e6941bd4bc57f638a8dfd212fd8212d8ee1313647

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/383065/
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/6970/

Comments