MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0f86735151c99e0bb1a8d2c58105d0a0f136952c8391e3ac905b66a3a7f8852. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: d0f86735151c99e0bb1a8d2c58105d0a0f136952c8391e3ac905b66a3a7f8852
SHA3-384 hash: 0d47eebdd261b2c905adb53e25608e109713513d818974d821595508b41fa19ba5051803cb094f2192b3dd487bb3116e
SHA1 hash: 6fdd65c8dd22bd04d3e29ff26092cbcd7aa3df11
MD5 hash: f93bdd792af5350b4eec20d163b97e66
humanhash: artist-carbon-west-mobile
File name: Bank Details.ARJ
Signature: GuLoader
File size: 43'789 bytes
First seen: 2020-06-08 12:09:12 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:D9jZAEwEO0nfpK6nw4sltYZcqbfr/zQGB8xb+mLZa0ZRaaoVeJCIXUA+LfYfQ:D9lbtjnwXFtYZ5fXSJ+mtBraa4e9k9LP
TLSH: F013028F7B20372CBF5A38E7BBD3D5C902CDDC0BE9D31BA2066136356064E1A694D525
Reporter: abuse_ch
Tags: arj GuLoader HostGator


abuse_ch
Malspam distributing GuLoader:

HELO: gateway9.unifiedlayer.com
Sending IP: 69.89.19.235
From: bahaa@abmaritime.com.jo
Subject: RE: Bank Details
Attachment: Bank Details.ARJ (contains "Slagterhunden.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=15xPGmz8SkqXgoMEABNYey1kQvFJni_x2
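The entry records an .ARJ attachment whose MIME type field reads application/x-rar, so a gateway keyed on the extension or the declared type would be looking at the wrong thing; the reporter's note adds that the archive carries an executable. The script below is an added example, not code from MalwareBazaar or abuse.ch: it identifies the container by its leading bytes and, for ARJ, walks the archive headers (layout per the public ARJ technical note, with CRC-32 over each basic header) to list the members and spot an executable inside without extracting anything. The archive bytes and the stand-in PE payload are constructed inside the script to mirror this entry; the real sample is not used, and the function names are this example's own.

```python
"""Magic-byte sniffing plus an ARJ header walk, as a mail-gateway triage step.
Added example, not MalwareBazaar's or abuse.ch's code; the ARJ layout follows the
public ARJ technical note and the archive below is constructed, not the sample."""
import struct
import zlib

ARJ_MAGIC = b"\x60\xEA"
# Leading bytes of archive containers that turn up as malspam attachments.
SIGNATURES = (
    (b"\x60\xEA", "application/x-arj"),
    (b"Rar!\x1a\x07", "application/x-rar"),
    (b"PK\x03\x04", "application/zip"),
    (b"7z\xbc\xaf\x27\x1c", "application/x-7z-compressed"),
)


def sniff(data):
    """MIME type from the leading bytes, ignoring file name and declared type."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def _arj_header(file_type, method, comp, orig, crc, name):
    """One ARJ header: id, basic header size, 30-byte fixed part, NUL-terminated
    name and empty comment, CRC-32 of the basic header, no extended headers."""
    # Fixed part: first_hdr_size, versions, host OS, flags, method, file type,
    # reserved, date-time, compressed size, original size, CRC, filespec
    # position, access mode, host data. file_type 2 marks the main header.
    fixed = struct.pack("<BBBBBBBBIIIIHHBB", 30, 11, 1, 0, 0, method, file_type, 0,
                        0, comp, orig, crc, 0, 0x20, 0, 0)
    basic = fixed + name.encode("latin-1") + b"\x00" + b"\x00"
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", zlib.crc32(basic) & 0xFFFFFFFF)
            + b"\x00\x00")  # first extended header size = 0


def build_arj(archive_name, members):
    """Stored (method 0) archive: main header, member headers + bytes, end marker."""
    out = _arj_header(2, 0, 0, 0, 0, archive_name)
    for name, payload in members:
        crc = zlib.crc32(payload) & 0xFFFFFFFF
        out += _arj_header(0, 0, len(payload), len(payload), crc, name) + payload
    return out + ARJ_MAGIC + b"\x00\x00"  # basic header size 0 ends the archive


def list_arj(data):
    """Walk the headers and describe each member without extracting anything."""
    members, pos = [], 0
    while True:
        if data[pos:pos + 2] != ARJ_MAGIC:
            raise ValueError("no ARJ header id at offset %d" % pos)
        hdr_size = struct.unpack_from("<H", data, pos + 2)[0]
        pos += 4
        if hdr_size == 0:
            return members
        basic = data[pos:pos + hdr_size]
        stored_crc = struct.unpack_from("<I", data, pos + hdr_size)[0]
        if zlib.crc32(basic) & 0xFFFFFFFF != stored_crc:
            raise ValueError("basic header CRC mismatch at offset %d" % pos)
        pos += hdr_size + 4
        while True:  # extended headers: 2-byte size, body, 4-byte CRC; size 0 ends
            ext = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            if ext == 0:
                break
            pos += ext + 4
        first, method, file_type = basic[0], basic[5], basic[6]
        name = basic[first:].split(b"\x00", 1)[0].decode("latin-1")
        if file_type == 2:  # main header: archive-level, no data follows it
            continue
        comp, orig, crc = struct.unpack_from("<III", basic, 12)
        payload = data[pos:pos + comp]
        pos += comp
        members.append({
            "name": name, "method": method, "compressed": comp, "original": orig,
            "crc_ok": method != 0 or zlib.crc32(payload) & 0xFFFFFFFF == crc,
            # Only a stored member can be sniffed without decompressing it.
            "pe_inside": method == 0 and payload.startswith(b"MZ"),
        })


def triage_attachment(filename, declared_mime, data):
    """Flag a container whose bytes disagree with its declared type, and any
    executable inside an ARJ (by stored-member magic or by extension)."""
    actual = sniff(data)
    report = {"name": filename, "declared": declared_mime, "actual": actual,
              "mime_mismatch": actual != declared_mime, "members": []}
    if actual == "application/x-arj":
        report["members"] = list_arj(data)
    report["executable_inside"] = any(
        m["pe_inside"] or m["name"].lower().endswith((".exe", ".scr", ".dll"))
        for m in report["members"])
    return report


# Constructed stand-in for the attachment in this entry, not the real sample.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_ARJ = build_arj("Bank Details.ARJ", [("Slagterhunden.exe", FAKE_PE)])
REPORT = triage_attachment("Bank Details.ARJ", "application/x-rar", SAMPLE_ARJ)
```

Running it on the constructed archive yields a report with mime_mismatch True (the bytes say ARJ, the declared type says RAR) and one member, Slagterhunden.exe, flagged as a PE by its stored-member magic. For a compressed member (method other than 0) only the name and sizes are available from the headers, so the extension check is what catches it; a corrupted header fails the CRC check and raises rather than silently returning a partial list.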

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 12:11:03 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
GuLoader
arj d0f86735151c99e0bb1a8d2c58105d0a0f136952c8391e3ac905b66a3a7f8852 (this sample)
Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments