MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fb5c63d9b022ede3b8fecbf58b0d93b9575ee5fb1aeac0cf080997133316eb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3

SHA256 hash: 6fb5c63d9b022ede3b8fecbf58b0d93b9575ee5fb1aeac0cf080997133316eb8
SHA3-384 hash: a6f0a165aff07ea180f898c413b00c646a6cdbafe27c40ea44d259f699e9c2cd23a6828258eed4a265c0128258e2a789
SHA1 hash: f8d8db5e3b9b8cc788d4eba06ba726e96c56b770
MD5 hash: ebe8e230685da5ee0fb02c2424fc6b8f
humanhash: fix-victor-video-four
File name: Faktur Bangun Nusa Mandiri.gz
Signature: GuLoader
File size: 45'177 bytes
First seen: 2020-06-02 11:19:23 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:mm5gAbu0j0ho9jEUacbUVIXxKpyx6KPHa6ySphkQ4M1wRgKks/6WRF:mm5g4uDG9gvcA2X1Ha6yphiL6/
TLSH: CE13F10763BC9DA8B7175A655D61AE93BFBFE1146E84F9341DB3008024239BF222E45D
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: ns1.mgrserver.com
Sending IP: 119.235.30.7
From: Unipower <unipower@almari.co.id>
Subject: PT.UNIPOWER PRATAMA - INVOICE 073/I/VI/20- PO.9100532496
Attachment: Faktur Bangun Nusa Mandiri.gz (contains "Faktur Bangun Nusa Mandiri.exe")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin
https://cmdtech.com.vn/AmHome_bhPixbUN54.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 11:37:23 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 6fb5c63d9b022ede3b8fecbf58b0d93b9575ee5fb1aeac0cf080997133316eb8 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments