MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc0109f0468f8444d020965fcd2b6dad34fabf5e6b82f7fd45061fadee1e8539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: cc0109f0468f8444d020965fcd2b6dad34fabf5e6b82f7fd45061fadee1e8539
SHA3-384 hash: 14fddc3e731b76b1466d2f397bccd4eecfb1512e25c8b66d4ecdd6256641c49da65e9e480a27c3514333c15c5b3dc417
SHA1 hash: 637f6c71462eb8c5a499f2979b96715faf035f6f
MD5 hash: c8516e56faa06d0a47eac8456e890ac1
humanhash: eleven-carbon-social-rugby
File name: PO-096870-Order-SampleSpecifications.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 11:20:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Z5v4u5PfBSlVLLndY+5eNYGqM4MzUnJpjilZeiHtn0nE9vlgfdE2:z55PJkhndY+8tqMG5iHp0nE6
TLSH: 9245E70A79C8BCF6DC369FB058B8D5605D25ED345C118F87380CBB9D2BB65DE29A031A
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm45.hanmail.net
Sending IP: 203.133.180.233
From: sacorp22 <sacorp22@hanmail.net>
Subject: ITS (UK) Ltd: PO-096870-Order-Sample&Specifications
Attachment: PO-096870-Order-SampleSpecifications.img (contains "PO-096870-Order-Sample&Specifications.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kVi8Wt8a8bx0r0Nv_LSeCQt4ecTdkbEW
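The attachment in the report above is an ISO 9660 image (MIME type application/x-iso9660-image) used as a wrapper for the executable. As an added example, not part of the MalwareBazaar entry or the reporter's comment, the following Python builds a small constructed image with that layout and then lists its contents without mounting it, flagging any file whose data starts with a PE "MZ" header. The image, its volume identifier and the file names inside it are constructed for this example and are not the real sample; the names use the ISO level 1 style (upper case, ";1" version suffix) that the primary volume descriptor carries.

```python
import struct

SECTOR = 2048  # ISO 9660 logical block size

def both_endian_u32(n: int) -> bytes:
    # ISO 9660 stores integers twice: little-endian, then big-endian
    return struct.pack("<I", n) + struct.pack(">I", n)

def both_endian_u16(n: int) -> bytes:
    return struct.pack("<H", n) + struct.pack(">H", n)

def dir_record(ident: bytes, extent_lba: int, data_len: int, is_dir: bool) -> bytes:
    """Encode one ISO 9660 directory record (ECMA-119 section 9.1)."""
    pad = len(ident) % 2 == 0                       # record length must be even
    rec = bytearray([33 + len(ident) + pad, 0])     # record length, ext. attr. length
    rec += both_endian_u32(extent_lba)              # bytes 2-9: location of extent
    rec += both_endian_u32(data_len)                # bytes 10-17: data length
    rec += bytes(7)                                 # bytes 18-24: recording time (zeroed)
    rec += bytes([0x02 if is_dir else 0x00, 0, 0])  # flags, file unit size, interleave gap
    rec += both_endian_u16(1)                       # bytes 28-31: volume sequence number
    rec += bytes([len(ident)]) + ident              # byte 32: identifier length, identifier
    rec += b"\x00" * pad
    return bytes(rec)

def build_iso(files: dict) -> bytes:
    """Build a minimal single-directory ISO 9660 image (constructed test data)."""
    root_lba, data_lba = 18, 19          # PVD at 16, terminator at 17, root dir at 18
    records = [dir_record(b"\x00", root_lba, SECTOR, True),   # "."
               dir_record(b"\x01", root_lba, SECTOR, True)]   # ".."
    payload = b""
    for name, content in files.items():
        lba = data_lba + len(payload) // SECTOR
        records.append(dir_record(name.encode("ascii"), lba, len(content), False))
        payload += content + bytes(-len(content) % SECTOR)   # sector-align each file
    root = b"".join(records)
    root += bytes(SECTOR - len(root))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1       # primary volume descriptor header
    pvd[40:72] = b"PO-096870".ljust(32)             # volume identifier (assumed value)
    pvd[156:190] = dir_record(b"\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1  # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root + payload

def parse_record(buf: bytes, off: int):
    """Decode the directory record at buf[off]; None if it is sector padding."""
    rec_len = buf[off]
    if rec_len == 0:
        return None
    if rec_len < 33:
        raise ValueError(f"corrupt directory record at offset {off}")
    extent = struct.unpack_from("<I", buf, off + 2)[0]
    size = struct.unpack_from("<I", buf, off + 10)[0]
    flags = buf[off + 25]
    ident_len = buf[off + 32]
    ident = bytes(buf[off + 33: off + 33 + ident_len])
    return rec_len, extent, size, flags, ident

def walk(image: bytes, lba: int, size: int, prefix: str) -> list:
    """Recursively list (path, size, looks_like_pe) for every file in a directory extent."""
    entries, off, end = [], lba * SECTOR, lba * SECTOR + size
    while off < end:
        rec = parse_record(image, off)
        if rec is None:                      # zero length: rest of the sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec_len, extent, fsize, flags, ident = rec
        off += rec_len
        if ident in (b"\x00", b"\x01"):      # "." and ".."
            continue
        name = ident.decode("ascii", "replace").split(";")[0]   # drop the ";1" version
        path = f"{prefix}/{name}"
        if flags & 0x02:
            entries.extend(walk(image, extent, fsize, path))
        else:
            data = image[extent * SECTOR: extent * SECTOR + fsize]
            entries.append((path, fsize, data[:2] == b"MZ"))    # PE files start with "MZ"
    return entries

def list_iso(image: bytes) -> list:
    """List files reachable from the primary volume descriptor of an ISO 9660 image."""
    if len(image) < 17 * SECTOR:
        raise ValueError("too short to be an ISO 9660 image")
    pvd = image[16 * SECTOR: 17 * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("missing primary volume descriptor (not ISO 9660)")
    _, root_lba, root_size, _, _ = parse_record(pvd, 156)
    return walk(image, root_lba, root_size, "")

def find_executables(image: bytes) -> list:
    """Paths of files whose data begins with a PE/MZ header."""
    return [path for path, _, is_pe in list_iso(image) if is_pe]

# Constructed sample, not the real MalwareBazaar sample: a decoy text file plus a
# fake PE stub named after the attachment.
SAMPLE_FILES = {
    "README.TXT;1": b"Please see the attached order specifications.\r\n",
    "PO-096870-ORDER-SAMPLESPECIFICATIONS.EXE;1": b"MZ" + bytes(62) + b"PE\x00\x00",
}
SAMPLE_IMAGE = build_iso(SAMPLE_FILES)

if __name__ == "__main__":
    for path, size, is_pe in list_iso(SAMPLE_IMAGE):
        print(f"{path:45} {size:6d} bytes {'<- PE executable' if is_pe else ''}")
```

The parser reads only the primary volume descriptor, so it sees the short upper-case names; the long mixed-case name quoted in the report ("PO-096870-Order-Sample&Specifications.exe") would normally live in a Joliet supplementary volume descriptor, which this example does not parse. The "MZ" check is a cheap first-pass triage signal, not a verdict: it catches a renamed executable but says nothing about what the file does.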

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 11:37:15 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img cc0109f0468f8444d020965fcd2b6dad34fabf5e6b82f7fd45061fadee1e8539 (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments