MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aba736151e90a963dc73081d1b99d36972d34766f4f90e871594d8ce5743c9d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: aba736151e90a963dc73081d1b99d36972d34766f4f90e871594d8ce5743c9d6
SHA3-384 hash: 75ea9e52a09ff235c4789f248248b3057348c3896d2e7c87e9ea8679f42548a9523b9befee02d67e3bdf898bfafd0130
SHA1 hash: c978fd265dea80800d2e1b1555ce78022a4f591b
MD5 hash: 4d1350f85e560d814689f9b337f8fee7
humanhash: johnny-mango-alpha-nineteen
File name: HYUNDAI MASS QUARANTREAT PROJECT.dwg.cab
Signature: GuLoader
File size: 41'061 bytes
First seen: 2020-06-02 11:22:48 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 768:VoNkxOYqT7f5B8a3oTFnPBHVkMf+jNhAOg/NGnW6NswkBthn:VoN6Ov5P3QJ1X+Rhc/NGn92w4n
TLSH: 0103F2DDF7A2D679BB0AF58EC9D895689F082A036040F74157271EB13B79A9428CC30F
Reporter: abuse_ch
Tags: cab, geo, GuLoader, KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm50.hanmail.net
Sending IP: 203.133.180.238
From: 로이 유 <jiseo6518@daum.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT (Korean: "Quotation request: HYUNDAI MASS QUARANTREAT PROJECT")
Attachment: HYUNDAI MASS QUARANTREAT PROJECT.dwg.cab (contains "LT20200602.exe")

GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/lento_MUbPeRwhHD163.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 06:08:42 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
cab aba736151e90a963dc73081d1b99d36972d34766f4f90e871594d8ce5743c9d6 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments