MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e5dd69e3f4a4994c2c27f95beb26bc06e8eb74d85b845eba7773348345d8569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 7e5dd69e3f4a4994c2c27f95beb26bc06e8eb74d85b845eba7773348345d8569
SHA3-384 hash: 50cbaf623659fc6b81b73febf5e6e7abd8e1903479864ab2e46baeebef834fe35e1c7a87427fa12d3f9c2d45f2495731
SHA1 hash: c1b7aa18884ddff934d4b8756e3356cf5c9da9dd
MD5 hash: 997828eb644ab574f61da65653a593a5
humanhash: seventeen-fourteen-michigan-cup
File name: INV BL+CO+PACK LIST.zip
Signature: GuLoader
File size: 28'176 bytes
First seen: 2020-05-21 10:25:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:GgPaxGMx1DPI9cuXdd3Qnk3XYlpUonAlI/COLxc728VXrvTOHZyIxvrVZdWbXYQz:DSxnIt6d34tXjTkxxvZZdWbhKSu3BiD
TLSH: 70C2F1F9A140C95FE2A83802CF37570A9B90130EF4840AA4A25BF9F476C973E1DBF559
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.erageran.xyz
Sending IP: 45.95.169.208
From: Mang Yahng <info@urommats.com>
Subject: 回复:: Re:Revised Proforma -河北進出口 CO,.LTD
Attachment: INV BL+CO+PACK LIST.zip (contains "INV BL+CO+PACK LIST.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Qg6YJ4rLvBbeIW0sKd-DcDFPYmiwExzd

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-21 10:37:00 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 7e5dd69e3f4a4994c2c27f95beb26bc06e8eb74d85b845eba7773348345d8569 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments