MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50675f0a55edde7d6cea42349f52d0116e22096bdf646e397c56b77bb81903c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 50675f0a55edde7d6cea42349f52d0116e22096bdf646e397c56b77bb81903c9
SHA3-384 hash: 4015d41bab5dd561f661b37b4d5f1405e1992cf5af073022ecc34c504b3ae1ac7e294946f89c7612457e540686eab9fb
SHA1 hash: 6dcd629a4d09f72e3b02884d92bdc3d608c53d37
MD5 hash: 1ee1fd173f5b141897e73e2ba5657e7f
humanhash: lima-yankee-seven-mississippi
File name: POPM0158.ARJ
Signature: GuLoader
File size: 43'829 bytes
First seen: 2020-06-08 14:47:10 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:MQH812E/Q0auI/svHIx2Ofe0DuIUblcjgotmc/MsJ8Kyni7ny7JNkh7oy:HH81r/JRqUO2OfVDgblcTtH/nSKyi7S0
TLSH: 8813F1B5A41CFFE7624A39100070DF4265E4A27B3F2997D7BFA8175FA01A8ED6243705
Reporter: abuse_ch
Tags: arj, GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: loft11155.serverprofi24.com
Sending IP: 188.138.57.207
From: naivasha@capyei.org
Subject: New Order #PM0158
Attachment: POPM0158.ARJ (contains "Udpantning.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15xPGmz8SkqXgoMEABNYey1kQvFJni_x2

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 14:49:05 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 50675f0a55edde7d6cea42349f52d0116e22096bdf646e397c56b77bb81903c9

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
