MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
SHA3-384 hash: 46f9f42831bbced2775b220804699e8a9fbc729aecfb8d597ef47117fead32ba82b6cdd75ac31c1223b53a7d9c4ecad0
SHA1 hash: a09a2039fe462108c0719a1aa081000dc7526444
MD5 hash: d6d6756a8b5edb9299b912ef00cbebab
humanhash: victor-wyoming-don-emma
File name: REQUEST FOR QUOTATION FROM ---COMPANY.pdf.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-06-05 19:34:59 UTC
Last seen: 2020-06-05 21:00:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c12c375f0c792d0f6c1264566470cd51 (1 x GuLoader)
ssdeep: 3072:9rdhegQlk4EduZjlWpwaNYHm123DUgoYAM:9qxlk4U+A
Threatray: 5'106 similar samples on MalwareBazaar
TLSH: 1DB3822BA959BC2CD1C97DF0BC15A89713163C15AB44A6BE52D0FBBCB630AE27C11707
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: Mr. Jacob <sanchezj@brightindustries.com>
Reply-To: sanchezj@brightindustries.com
Subject: REQUEST FOR QUOTATION FROM ---COMPANY
Attachment: REQUEST FOR QUOTATION FROM ---COMPANY.rar (contains "REQUEST FOR QUOTATION FROM ---COMPANY.pdf.exe")

GuLoader payload URL:
https://qif.ac.ke/anyii_DbAFfSTiIS190.bin

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-05 19:36:07 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c (this sample)

Delivery method: Distributed via e-mail attachment

Comments