MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0
SHA3-384 hash: a57348c718dfe3ac9321c20419498e21a479ccc4497a1b06523f405e9fc68f957bac38cf98b00b809fcb6868ee548c15
SHA1 hash: 8981648d4854cec2a8e7f2cf9f429d0333df7efd
MD5 hash: 623a258bef20ffe6422162ad40d4de91
humanhash: burger-ten-glucose-december
File name: 777504307241.GenesisAWB.PDF.gz
Signature: GuLoader
File size: 25'845 bytes
First seen: 2020-05-23 11:52:42 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:J2VZJS+AANc7glwKnlnwrlASwVnoqifEo6oEwIJCCcBSH6SWAcE:JwZ4+A2c7g+KRuGVoqFLoEICiHAv
TLSH: 73C2F1483D50E5A83C917F75CEB3C8A66E5DCA14E54EEB343014BC4A2AD9A37CF76680
Reporter: abuse_ch
Tags: FedEx, geo, GuLoader, gz, ISR


abuse_ch:
Malspam distributing GuLoader:

HELO: ganesa.dua.rumahweb.com
Sending IP: 103.253.212.231
From: Fedex Station Admin Office <sales@estuadiarta.com>
Subject (translated from Hebrew): [External]: Arrival notice for FedEx regarding the arrival - AWB # 770116605315 // BC23 confirmation required ????????
Subject (original): [חיצוני]: הודעה על הגעה ל- FedEx על ההגעה - AWB # 770116605315 // צריך אישור BC23 ????????
Attachment: 777504307241.GenesisAWB.PDF.gz (contains "777504307241.GenesisAWB.PDF.exe")

GuLoader payload URL:
https://heavenfort.in/MY_XXX_VUVHawg214.bin
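The report above describes the classic wrapper trick: a .gz attachment named to look like a compressed PDF that actually holds a "PDF.exe". As an added example (not part of the MalwareBazaar entry and not abuse.ch's tooling), the script below triages such an attachment statically: it reads the member name from the gzip FNAME header field without inflating the payload, flags the document-then-executable double extension, compares the archive's hashes against the SHA256 listed in this entry, and notes that the outer name (.PDF.gz) does not match the member it contains. The gzip blob it inspects is constructed inside the script from a harmless placeholder so that it runs offline; only the two file names and the SHA256 are taken from the entry, while the extension lists, the verdict labels and the helper names are the example's own choices.

```python
"""Static triage of a gzip mail attachment like the one in this entry.

Added example for this page, not MalwareBazaar/abuse.ch code. The gzip blob is
constructed below from a harmless placeholder so the script runs offline; only
the IOC hash and the file names are taken from the entry above.
"""
import gzip
import hashlib
import io
import struct
from typing import Dict, List, Optional

GZIP_MAGIC = b"\x1f\x8b"
# RFC 1952 FLG bits; only FEXTRA and FNAME matter for locating the stored name.
FEXTRA, FNAME = 0x04, 0x08

# Extension lists are this example's own heuristic, not a MalwareBazaar rule.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".wsf", ".jar", ".msi", ".lnk"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# SHA256 of the .gz attachment, copied from this MalwareBazaar entry.
KNOWN_BAD_SHA256 = {"710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0"}


def gzip_member_name(data: bytes) -> Optional[str]:
    """Read the original file name from the gzip FNAME header field without
    inflating anything. Returns None when the writer omitted the field."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip stream")
    flags = data[3]
    pos = 10                                   # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:                         # optional extra field precedes FNAME
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.index(b"\x00", pos)             # FNAME is zero-terminated
    return data[pos:end].decode("latin-1")     # RFC 1952 mandates ISO-8859-1


def has_disguised_executable_name(name: str) -> bool:
    """True for 'x.PDF.exe'-style names: a document extension immediately
    followed by an executable one. Case-insensitive."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, decoy, real = parts
    return "." + decoy in DECOY_EXTENSIONS and "." + real in EXECUTABLE_EXTENSIONS


def digests(data: bytes) -> Dict[str, str]:
    """The four hash types MalwareBazaar lists, so a local file can be matched."""
    return {alg: getattr(hashlib, alg)(data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha3_384")}


def triage_attachment(attachment_name: str, data: bytes) -> Dict[str, object]:
    """Header-only checks: the payload is never decompressed or executed."""
    member = gzip_member_name(data)
    hashes = digests(data)
    findings: List[str] = []
    hash_match = hashes["sha256"] in KNOWN_BAD_SHA256
    if hash_match:
        findings.append("SHA256 matches a known GuLoader dropper")
    if member and has_disguised_executable_name(member):
        findings.append(f"member {member!r} is an executable disguised as a document")
    # A .gz is normally named after the single file it holds; a mismatch means
    # the outer name was chosen for the lure, not derived from the content.
    claimed = attachment_name[:-3] if attachment_name.lower().endswith(".gz") else attachment_name
    if member and member != claimed:
        findings.append(f"archive is named as if it held {claimed!r} but member is {member!r}")
    verdict = "malicious" if hash_match else ("suspicious" if findings else "no static finding")
    return {"member": member, "hashes": hashes, "hash_match": hash_match,
            "findings": findings, "verdict": verdict}


def build_constructed_sample() -> bytes:
    """Harmless stand-in for the attachment: a gzip stream whose FNAME carries
    the double-extension name from the malspam. The member is an MZ header
    plus filler, not the real GuLoader executable."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="777504307241.GenesisAWB.PDF.exe", mode="wb",
                       fileobj=buf, mtime=0) as gz:
        gz.write(b"MZ" + b"\x00" * 62 + b"constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_attachment("777504307241.GenesisAWB.PDF.gz", build_constructed_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Because the constructed blob is not the real attachment, its SHA256 does not match and the "suspicious" verdict rests on the two name heuristics alone; run `triage_attachment` on the downloaded sample inside an isolated analysis environment and the hash check is what fires. Reading FNAME from the header rather than calling `gzip.decompress` is deliberate: it keeps the triage step free of decompression-bomb and parser-bug exposure.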

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-23 12:36:27 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

File information

The entries below give additional information about this malware sample, such as its delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: GuLoader
Relationship: gz 710c0f9d85b257932cceb0a3e8826b2a190d1e1dc10b9c155f14bada66e538a0 (this sample) -> dropping -> GuLoader
