MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27e5f4bb68f9a8c9c370db92eb075afc16c92a7ec81d764cb317847087024681. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 27e5f4bb68f9a8c9c370db92eb075afc16c92a7ec81d764cb317847087024681
SHA3-384 hash: 53ce4ca2c0441090beed3a669add9741705bc512a90391449e0bdc62b2918a723ae978ea0d7ae1bb53fe19fa011a6a62
SHA1 hash: 3468265ae4535fcf966596e134da4cbf5e83caba
MD5 hash: 69f487f9eced99ef9ab6cb28347a2a2b
humanhash: louisiana-pizza-indigo-batman
File name: Purchase order.rar
Signature: GuLoader
File size: 45'272 bytes
First seen: 2020-06-05 19:34:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:KRs8sZC81qvmsCVv3rM3BnIKFgfzPVqnZX+PeZykmApyxXgdSz8LfLWR7VS2:KRVsMiq+TRwTFgfzP4ZOeckmicqSQLfM
TLSH: 01130244513756E29FD3F84B8D6AEA416731BCE2C03A2DCC602251FB3E8E29693195FC
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: conwmuserg-02.nifty.com
Sending IP: 210.131.2.101
From: Abraham <sales.dept@opoczta.pl>
Reply-To: sales.dept@op.pl
Subject: Product Inquiry
Attachment: Purchase order.rar (contains "Purchase order.exe")

GuLoader payload URL:
https://pars-science.ir/chucksaswellll_tgBea101.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-05 19:36:01 UTC
AV detection: 21 of 47 (44.68%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
rar 27e5f4bb68f9a8c9c370db92eb075afc16c92a7ec81d764cb317847087024681 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
