MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e
SHA3-384 hash: f946b35104e5fecd63827c9b06f16e1cb8f02011a26fe2acbde8f58cfd0433d58375347df3766cb6e902382f72a5e704
SHA1 hash: b230e468e708968fba8b33b2ea25ea12de73bc98
MD5 hash: 663d39d174d4e1e034939da4017b6ee8
humanhash: emma-mirror-lithium-xray
File name: DOC12.gz
Signature: GuLoader
File size: 46'555 bytes
First seen: 2020-06-02 11:21:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:zT8NrL7GxKsrpKfrz8XNEDVSI9gv7rixtfSfY6TkWKDknLWKXLgqbQisI69:zQlcKa0f/8XSDVc72xtf6TkWKsLWwLbE
TLSH: 282302293E8E124FF071207F51D1DA8FEDA8E6D4DC172294E1357D5A0699A8F3B050EE
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: ns2.agrobogautama.co.id
Sending IP: 122.102.40.26
From: Land Mark Tower <james.john@landmarkgroup.com>
Subject: RE: PAYMENT REMITTANCE
Attachment: DOC12.gz (contains "SQ0894795.exe")

GuLoader payload URL:
https://taleoudine.com/bryt2_xkAWOqihL67.bin
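The entry above records an e-mail attachment named DOC12.gz (typed by MalwareBazaar as zip) that wraps an executable, SQ0894795.exe, and lists the container's SHA256, SHA3-384, SHA1 and MD5. The following is an added example, not code from MalwareBazaar or from abuse_ch, of how a mail-gateway or triage script can make the same two checks offline: compute the listed hash set over the container, and look inside it for an executable member without extracting anything. It sniffs the container by magic bytes rather than extension, handling both gzip (reading the FNAME header field from RFC 1952) and zip (reading the central directory). The archives it inspects are constructed in memory with a placeholder member named SQ0894795.exe and a dummy "MZ" stub; they are not the real sample, so their hashes will not match the ones listed above. ssdeep and TLSH are left out because they need third-party libraries.

```python
import gzip
import hashlib
import io
import struct
import zipfile

# Member extensions that should not arrive inside a mail attachment archive.
# (Assumption for this example: adjust to local policy.)
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def file_hashes(data: bytes) -> dict:
    """Compute the same hash set MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def gzip_member_name(data: bytes):
    """Parse the RFC 1952 gzip header and return the FNAME field, or None.

    Header: ID1 ID2 CM FLG MTIME(4) XFL OS (10 bytes), then optional fields
    in the order FEXTRA, FNAME, FCOMMENT, FHCRC depending on FLG bits.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags = data[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length followed by that many bytes
        if len(data) < pos + 2:
            return None
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated original file name (latin-1)
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1")
    return None


def inner_names(data: bytes) -> tuple:
    """Return (container_type, member_names) decided by magic bytes, not extension."""
    if data[:2] == b"\x1f\x8b":
        name = gzip_member_name(data)
        return ("gzip", [name] if name else [])
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return ("zip", zf.namelist())  # metadata only; nothing is extracted
    return ("unknown", [])


def triage_attachment(filename: str, data: bytes) -> dict:
    """Hash the container and flag any executable member by name."""
    container, names = inner_names(data)
    suspicious = [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    return {
        "filename": filename,
        "container": container,
        "members": names,
        "executable_members": suspicious,
        "verdict": "suspicious" if suspicious else "no executable member",
        **file_hashes(data),
    }


def build_gzip(member_name: str, payload: bytes) -> bytes:
    """Constructed test input: GzipFile writes member_name into the FNAME header."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=member_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


def build_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed test input: a one-member zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * 62  # placeholder stub, not a real PE and not the sample
    for name, blob in (("DOC12.gz", build_gzip("SQ0894795.exe", fake_exe)),
                       ("DOC12.zip", build_zip("SQ0894795.exe", fake_exe))):
        print(triage_attachment(name, blob))
```

Matching the hashes against an entry like this one is only useful for the exact container bytes; a resent campaign with a re-packed archive will change every listed hash while the member name and the executable-in-archive pattern stay the same, which is why the structural check is kept separate from the hash check.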

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 11:37:49 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam: GuLoader
  zip ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments