MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f25d1a1c2aa7b16ec62e04248bc5571526f6067c1ea205da8c8e34090ff73d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8f25d1a1c2aa7b16ec62e04248bc5571526f6067c1ea205da8c8e34090ff73d
SHA3-384 hash: d74aa30d6919c71800d976a5956616ac68b315293a036d7dd071a0c968de15afe6dec3557f069fa3601ac818ffbd8a41
SHA1 hash: b16921381ee02fe8ce8e8f89b46011f10eb1ffbb
MD5 hash: 4b746b6fe50fc847ea62b7af05bb3b72
humanhash: fourteen-salami-apart-cardinal
File name:RFQ-İSKEN - SUGÖZÜ POWER PLANT.IMG
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-08 12:05:10 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 1536:fcysFY6TjMJfBhJciT8fe0goKK3a3SPAw:pxuQZudfenmaW
TLSH C145AE036904C591F0524270ADC39B9A23766D295D416FA73A5D2FAFFF347C2ADE022E
Reporter abuse_ch
Tags:GuLoader img


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: rizzy.us
Sending IP: 103.133.106.94
From: İSKEN - SUGÖZÜ POWER PLANT <dragonsport@rizzy.us>
Subject: RE: Urgent Request Quotation(New Contact)
Attachment: RFQ-İSKEN - SUGÖZÜ POWER PLANT.IMG (contains "RFQ.exe")

GuLoader payload URL:
http://23.227.201.165/bin_ccEfcWDu31.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.681950.26691.13924.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 12:07:05 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3dzf2gq4fkt3c3wgfyccjc6fk4ksn5qgpqpkebo2rshdicip646q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d8f25d1a1c2aa7b16ec62e04248bc5571526f6067c1ea205da8c8e34090ff73d

(this sample)

GuLoader

Executable exe 8347dcd8992d73ce59c612f2c59381d084fb88fbf2d30f167e95c8ddd4818dad

  
URLhaus
https://urlhaus.abuse.ch/url/383080/
  
Dropping
MD5 95681d8b7e1f90828041688b1720b3d2
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8347dcd8992d73ce59c612f2c59381d084fb88fbf2d30f167e95c8ddd4818dad

Comments