MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54455c818b31abd8e0bab5ac7001a2882ef478388b84bfe4c0f13a2c118815d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 54455c818b31abd8e0bab5ac7001a2882ef478388b84bfe4c0f13a2c118815d5
SHA3-384 hash: 4510a8ab032e953ad0fe7d02bb72f7feec356e43700e7efb0c9b6f474fd11831343f2057400a2ffa640ffb32965a7c5b
SHA1 hash: fbc13a304521a5eec7208601fea315aa2be012df
MD5 hash: f1229df02176899f2b03b552dcc336e0
humanhash: angel-blue-solar-low
File name: WJ220200602.cab
Signature: GuLoader
File size: 41,072 bytes
First seen: 2020-06-02 11:21:12 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 768:uKSEhGJSzbBIf4KEAhixXxzrKefJ1hfUf0Yyz5T2fOMX8/RpGOQiN55LzLZMVYC:FGEkUAgxNj1hfUf7yUGMMtVN5lvZMV1
TLSH: 1C03E16A1FC3C7AAF0894465421339D563B8D57FB9A406BAD3E49A43C9F10F8CE814A7
Reporter: abuse_ch
Tags: cab, geo, GuLoader, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 한석 이엔지 <yongtae21@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.) [Korean; translation: "Requesting a quotation for the attached drawings. (This is Hanseok ENG.)"]
Attachment: WJ220200602.cab (contains "WJ120200602.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/wj1_KJhrVPL18.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 09:31:17 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam
Malware family: GuLoader
Sample: cab 54455c818b31abd8e0bab5ac7001a2882ef478388b84bfe4c0f13a2c118815d5 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment