MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b31183204d79bdaaebc9e57bd45d43b6d2e6e3896fed985ca44e91223226a95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 7b31183204d79bdaaebc9e57bd45d43b6d2e6e3896fed985ca44e91223226a95
SHA3-384 hash: af441318c1c3c54cb70f0aec23612c3d1cb29d42f5a981ceb5d55ca451f32990efdcd3d5a1810888d878b5f63e1f884b
SHA1 hash: 6e7bc60365854d446b0862a5b937db9d3cf4aebf
MD5 hash: fff2cbde1fc6093b35d4fa5005599ef3
humanhash: west-social-carolina-minnesota
File name: FA 2374 LDS TEMPO JACKET.rar
Signature: GuLoader
File size: 43'344 bytes
First seen: 2020-06-02 11:20:55 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:7UmAn0NpNNC2AwBtPy0lxLuKkVlRQBXFia0FPJyYyqlqKHPXLrvIIcAMG:7Um2ipNN1Fhy0XNkRccvFPy+3fLX5D
TLSH: 2D13F22204AA0DDCB2E288D1C93D1FCAC69F8E3573770965E47D03DAD7689B6E179810
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: sungwon7.co
Sending IP: 111.90.158.36
From: Lauren <lauren@sungwon7.co>
Subject: FA 2374 LDS TEMPO JACKET.
Attachment: FA 2374 LDS TEMPO JACKET.rar (contains "FA 2374 LDS TEMPO JACKET..exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17QbEwjPntAWuYpyfGh5QL6xFKvtIKKmO

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 11:12:09 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> rar 7b31183204d79bdaaebc9e57bd45d43b6d2e6e3896fed985ca44e91223226a95 (this sample) -> Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments