MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af2fe994a36b45e788a64bb7048858e988f918cd61908afc9503a4599755cd00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: af2fe994a36b45e788a64bb7048858e988f918cd61908afc9503a4599755cd00
SHA3-384 hash: 799d7d9ad76b85a0ac423e2c882abea77bc90d27dac75b0e4f5b8490b1af1d8937d6093d982ab2a6730e94158f645ba4
SHA1 hash: 0cc61be93882fc6197e16e70da2d1ae666ee05d4
MD5 hash: b52266e8eff568d5d913c94626ec313b
humanhash: nebraska-violet-cat-indigo
File name: ORDER-RFQ-785577_pdf.zip
Signature: GuLoader
File size: 24'371 bytes
First seen: 2020-08-05 12:07:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:KeSkqo9jwWt7iAPAiE3EI3IY6JUIJLvn/0N0Z9fAqySFOpejdm17B+IRXpt3g78q:hSklMuiAk3sY6JUIJLnzzXOpeJaoIxpk
TLSH: B5B2D2A03D7943C9DCC10F7A5E7EAA26B10A5D80F15CD19D5E8A05831977C8C3DE46AD
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: servidor.partteam.pt
Sending IP: 91.198.47.76
From: geral@merchandisemania.com.pt
Subject: RE:ORDER-RFQ-785577
Attachment: ORDER-RFQ-785577_pdf.zip (contains "ORDER-RFQ-785577_pdf.exe")

GuLoader payload URL:
http://smarting.rs/wp-content/alby_mPcwiI58.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-08-05 12:08:05 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
Malspam
  -> GuLoader
     zip af2fe994a36b45e788a64bb7048858e988f918cd61908afc9503a4599755cd00 (this sample)
     Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments