MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 091d738d434b010b21d985a4bb252851e9569097b59fff2c74d71a5b35db1115. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 091d738d434b010b21d985a4bb252851e9569097b59fff2c74d71a5b35db1115
SHA3-384 hash: 0d2220b4ac6799c19a438d60ded40af87afdbb99ddd9e3804ff86f2b2f4fbf4c808b7caac9358699a2d5c86d2a44f22f
SHA1 hash: 07703df3796f8f5f1f3659b0551d2805abf90adc
MD5 hash: 16e8830c32372087bad71df23bb87dbc
humanhash: uranus-emma-failed-arizona
File name: 088021ord_PO.rar
Signature: GuLoader
File size: 24'719 bytes
First seen: 2020-04-06 10:55:54 UTC
Last seen: 2020-04-06 19:58:22 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 768:334YFgAMOqE5DseKA5A4OyJ2XWIMGc/sUJnGX:334OgAjJseS4dJ2pesU4X
TLSH: 09B2E121C5BA2579600BC3A38DD22B8B63A4E84CC6FD06618E3318452DAADDCF66B195
Reporter: abuse_ch
Tags: COVID-19 GuLoader rar


abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: mail.pickelhost.com
Sending IP: 103.99.1.158
From: PURCHASE DEPARTMENT<frederik@barberajmeagher.gq>
Subject: RE: (COVID-19) CI OF NEW ORDER---3013670
Attachment: 088021ord_PO.rar (contains "088021ord_#PO.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbobfuse
Status: Malicious
First seen: 2020-04-06 09:52:21 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
  GuLoader
    rar 091d738d434b010b21d985a4bb252851e9569097b59fff2c74d71a5b35db1115 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments