MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcb0edf833c7f0e4408505be098288ec9706f4abe6a89ad399d1a361d6bf12a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader

Vendor detections: 3



SHA256 hash: bcb0edf833c7f0e4408505be098288ec9706f4abe6a89ad399d1a361d6bf12a9
SHA3-384 hash: a2681eec606515de3012e079f5f38b32df95208ea7ecedacee1dd7fe27e730fa8b54042363df55fb0e00453bcb8593a4
SHA1 hash: 3a90faa2d2c6dda3ebf6b1e6702e761a1b969277
MD5 hash: 369d6a8d6235fdbd7183dd2df9951f31
humanhash: wolfram-monkey-sixteen-hamper
File name: PrePayment_Slip_Hgz_Bestsino_ImpExp_Co_pdf.gz
Signature GuLoader
File size: 46'414 bytes
First seen: 2020-06-02 11:18:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 768:XSU3XBLAHQcj2BOCc4GPxTANhG1poBvKIqZHIyON3vRB9Bai8Y+GvMlQJDvDSsEr:i+WH1vn4GPxyhG1pEvK5oyON3pB9BaHl
TLSH 0D23F19C4D53917FD8948DF22FDA12C9B2297BA2F4F109314AC390CB07A66FB596209D
Reporter: abuse_ch
Tags: GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

HELO: kolo.com
Sending IP: 173.82.154.164
From: victor.lee@bestsino.com.cn
Subject: Hangzhou Bestino May Order Pre-Paymnet (USD55,827.17)
Attachment: PrePayment_Slip_Hgz_Bestsino_ImpExp_Co_pdf.gz (contains "PrePayment_Slip_Hgz_Bestsino_ImpExp_Co_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1keZJ7uo0eS222SPLWcHAZGbnxDN6PELJ

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 11:37:40 UTC
AV detection: 23 of 47 (48.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip bcb0edf833c7f0e4408505be098288ec9706f4abe6a89ad399d1a361d6bf12a9 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments