MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 112e4fd6e33b91c6378140c54f9f671969e1b18c4213f98d8155820e3c034e7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 112e4fd6e33b91c6378140c54f9f671969e1b18c4213f98d8155820e3c034e7c
SHA3-384 hash: eb7865e61eb41d2c0b1da11c9dc36ea53daf3c47babca02e6b5989150cc89a48a4050735621876dd374b7499526acb40
SHA1 hash: 756d1d252c7d3e01843a714a1d7ced1867c454a7
MD5 hash: df32f2508e59b0591c5990abc5d910f8
humanhash: cold-nitrogen-mockingbird-golf
File name: product inquiry.rar
Signature: GuLoader
File size: 35'382 bytes
First seen: 2020-06-02 11:16:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:owv1Ci7xbbxzRuApUYs/9ANSOaeQVsqMtxeH5C+LheyYR4Lpe:HvlVfoR7OanVsqMGHA+4yOIe
TLSH: C8F2E19FC4106125B8077604EBEBEB25F2A6074AA9FE75C9C21588C07C867725EB35CB
Reporter: abuse_ch
Tags: GuLoader, rar


abuse_ch
Malspam distributing GuLoader:

HELO: schroder.com
Sending IP: 195.54.163.131
From: Andrea Werner <andrea.s.werner@schroder.com>
Subject: Product Inquiry
Attachment: product inquiry.rar (contains "product inquiry.scr")

GuLoader payload URL:
http://195.54.163.83/ody.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-02 11:37:05 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
    GuLoader
      rar 112e4fd6e33b91c6378140c54f9f671969e1b18c4213f98d8155820e3c034e7c (this sample)
        Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments