MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad68a5400fd8f0a8f42bf49416bfce6143c82b4199a86b8dff8b096b15afb628. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2


SHA256 hash: ad68a5400fd8f0a8f42bf49416bfce6143c82b4199a86b8dff8b096b15afb628
SHA3-384 hash: 197d9682666f7c03741bd88c567f67778a716b7334ec34cb51f1194d77ee982dad1a94d41359533dc6118df56120e064
SHA1 hash: 446dacfd2c7c5aa3a69c3530725707342e2eceae
MD5 hash: 885eeb4eff493deaab3570ed8c677d16
humanhash: pip-river-early-delta
File name: Scan0001.pdf.z
Signature: GuLoader
File size: 25'127 bytes
First seen: 2020-05-28 18:05:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:ht/isCt9vBSS8PKqQhOrInOzzPJdwDzjEFrevs:f/isCtF8SOtQXOvP/wAqs
TLSH: C7B2E1B6A2263EDFCBD64473D54912109BF46D0595008B0177AC1FAAC8A3BD7D3BE4D2
Reporter: abuse_ch
Tags: GuLoader, z


abuse_ch
Malspam distributing GuLoader:

HELO: box.graetfoodgroup.com
Sending IP: 142.11.195.72
From: Salil Johory <dipak@graetfoodgroup.com>
Subject: Re: Wire Transfer Confirmation 100261804
Attachment: Scan0001.pdf.z (contains "Snap6.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-05-28 18:37:02 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip ad68a5400fd8f0a8f42bf49416bfce6143c82b4199a86b8dff8b096b15afb628 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment