MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a42dcdc96f5c1e2d8710ccded513da95701a17b0020c1313a7acdfc9517da55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a42dcdc96f5c1e2d8710ccded513da95701a17b0020c1313a7acdfc9517da55
SHA3-384 hash: 8256a02129aa6e7f1aab20f6e58524e85e4139a2f347a3eb8a0a5682befda50074152574dea9b938643179a782bf6159
SHA1 hash: f9e00e41c5686d6ab1f28d3d3013e3385765c027
MD5 hash: c5dd1c373f53f9cf3b645f48a38a72fb
humanhash: item-equal-helium-london
File name:Required Materials Equipments For Yas Island Construction Development Phase 3Package 1.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:42'876 bytes
First seen:2020-06-02 11:21:05 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:OY53k7gqDbr7UeLqzsF2aLcnK8CsanvjncwXZia6kF3PUr5ucZlOnxPHbp5FigUS:Ock7jvrYpzfaLcnAncwwNkF3univFihS
TLSH 6C1302D268377A2D2BA9274D8C87253B321CD17BFD9C13A6710C736EC95B9B04316592
Reporter abuse_ch
Tags:GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mailmarketingworldpad.live
Sending IP: 106.75.36.102
From: Shahabas Parol <sales@mailmarketingworldpad.live>
Reply-To: Shahabas Parol <office.rep@mail.ru>
Subject: Quote: Yas Island Construction & Development Phase 3 - RESIDENTIAL, INDUSTRIAL, COMMERCIAL LAYOUTS & INFRASTRUCTURES (Package 1)
Attachment: Required Materials Equipments For Yas Island Construction Development Phase 3Package 1.rar (contains "Required Materials & Equipments For Yas Island Construction & Development Phase 3(Package 1).com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=B3805920E5EB0711&resid=B3805920E5EB0711%21108&authkey=AHQFlPivyZPtVl4

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:22 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=njbnzxew6xa6fwdrbtg62uj5vflqdil3aaqmcmj2plg7zfix3jkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 6a42dcdc96f5c1e2d8710ccded513da95701a17b0020c1313a7acdfc9517da55

(this sample)

GuLoader

Executable exe e5e0a549727c9af4b170b6181dd1f69f8f5bfd268ef711c27a1687face31f052

  
URLhaus
https://urlhaus.abuse.ch/url/374157/
  
Dropping
MD5 159dbfb5cffd7e867aaec676551b5096
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e5e0a549727c9af4b170b6181dd1f69f8f5bfd268ef711c27a1687face31f052

Comments