MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 193d608df4ce58a4c81cdff40f0de326af07472763460a6316242468d2151710. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 193d608df4ce58a4c81cdff40f0de326af07472763460a6316242468d2151710
SHA3-384 hash: 99d2bd2a2f4aaf7aee0e3769ffef8787cba9cf1ceb39a41aa4f988a0c4c0095a077c33c47119aca4db0402673ddd992a
SHA1 hash: 81a3591d5c857e59e4c0b701c06c3b5d71785d15
MD5 hash: b52f46bca2d9a16f48799b12b236565d
humanhash: avocado-east-mars-sad
File name: N0178946806479.pdf.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-10 12:36:18 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Q6JCGMjJvbviB7BFCbW454urlelea02E+Yj3611aBZO/UpM9QxUK2WZwzHbQk7:Q6JCG0CBmr7K3lUOcW9Q5mQ
TLSH: B1453B5B6D1C5953E12087B02A72E2A16725BD280502AF473A5C7FADFF316C27DE331A
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: box.dysonservicecentre.co.uk
Sending IP: 104.168.211.117
From: Coral Li <support001@dysonservicecentre.co.uk>
Subject: RE: REQUEST FOR QUOTATION N0178946806479
Attachment: N0178946806479.pdf.img (contains "Fonetikke4.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1mgYo7MPYtJz7lS87QYpFURlhFP6pvBXB
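The lure described in the report above (an ISO 9660 image named to look like a PDF, carrying an executable that Windows will expose by auto-mounting the image on double-click) is straightforward to catch at a mail gateway by walking the image's root directory instead of trusting the outer extension. The Python below is an added example, not code from MalwareBazaar or abuse.ch. It builds a small ISO 9660 image inline with a minimal writer so it runs offline (the attachment name and "Fonetikke4.exe" come from the entry; the file contents are dummy bytes, constructed), lists the root directory, flags the decoy-extension plus embedded-executable combination, and hashes the extracted payload with the same digests MalwareBazaar lists. The function names and the extension lists are the example's own choices, not anything the entry specifies.

```python
"""Walk an ISO 9660 (.img) mail attachment and flag an executable hidden
behind a decoy outer extension such as ".pdf.img".

Added example, not MalwareBazaar or abuse.ch code. The image is constructed
inline with a minimal ISO 9660 writer so everything runs offline; file
contents are dummy bytes (constructed), only the names come from the entry.
"""
import hashlib
import struct
from pathlib import PurePosixPath

SECTOR = 2048  # ISO 9660 logical block size

# --- minimal ISO 9660 writer, used only to build the constructed sample -----

def _both16(v):
    """16-bit field in ISO 9660 both-byte-order form (little then big endian)."""
    return struct.pack("<H", v) + struct.pack(">H", v)

def _both32(v):
    return struct.pack("<I", v) + struct.pack(">I", v)

def _dir_record(ident, extent, size, flags):
    """One directory record (ECMA-119 9.1); flag value 2 marks a directory."""
    body = (b"\x00" + _both32(extent) + _both32(size) + bytes(7)   # ext-attr len, LBA, size, date
            + bytes([flags]) + b"\x00\x00" + _both16(1)            # flags, unit/gap, vol seq no
            + bytes([len(ident)]) + ident)
    if (1 + len(body)) % 2:                      # records are padded to even length
        body += b"\x00"
    return bytes([1 + len(body)]) + body         # byte 0 = total record length

def build_iso(files):
    """Single-directory image: PVD at sector 16, terminator at 17, root dir at 18."""
    root_lba, lba, records, extents = 18, 19, b"", b""
    for name, content in files.items():
        nsec = max(1, -(-len(content) // SECTOR))
        records += _dir_record(name.upper().encode() + b";1", lba, len(content), 0)
        extents += content.ljust(nsec * SECTOR, b"\x00")
        lba += nsec
    root = (_dir_record(b"\x00", root_lba, SECTOR, 2)          # "."
            + _dir_record(b"\x01", root_lba, SECTOR, 2)        # ".."
            + records).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"                  # type 1, magic, version
    pvd[80:88] = _both32(lba)                    # volume space size in blocks
    pvd[120:128] = _both16(1) + _both16(1)       # volume set size, sequence number
    pvd[128:132] = _both16(SECTOR)               # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, 2)  # root directory record
    term = bytearray(SECTOR)
    term[0:7] = b"\xffCD001\x01"                 # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root + extents

# --- reader side: what a gateway or triage script would run on the attachment

def list_iso_files(img):
    """Return [(name, lba, size)] for plain files in the root directory."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_size = struct.unpack_from("<I", pvd, 156 + 10)[0]
    data = img[root_lba * SECTOR:root_lba * SECTOR + root_size]
    files, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                         # rest of this sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        if not data[off + 25] & 2:               # skip ".", ".." and subdirectories
            ident = data[off + 33:off + 33 + data[off + 32]].decode("ascii")
            files.append((ident.split(";")[0],   # drop the ";1" version suffix
                          struct.unpack_from("<I", data, off + 2)[0],
                          struct.unpack_from("<I", data, off + 10)[0]))
        off += rec_len
    return files

def extract_file(img, lba, size):
    return img[lba * SECTOR:lba * SECTOR + size]

def hash_payload(blob):
    """Same digests MalwareBazaar lists for a sample."""
    return {a: hashlib.new(a, blob).hexdigest() for a in ("md5", "sha1", "sha256", "sha3_384")}

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".dll", ".js", ".vbs", ".bat", ".cmd", ".lnk"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def triage_attachment(filename, img):
    """Flag the ".pdf.img" lure: decoy document extension outside, executable inside."""
    sfx = PurePosixPath(filename.lower()).suffixes
    double_ext = len(sfx) >= 2 and sfx[-1] in {".img", ".iso"} and sfx[-2] in DECOY_EXT
    names = [n for n, _, _ in list_iso_files(img)]
    execs = [n for n in names if PurePosixPath(n.lower()).suffix in EXEC_EXT]
    return {"double_extension": double_ext, "files": names, "executables": execs,
            "suspicious": double_ext and bool(execs)}

# constructed sample: names from the entry above, contents are dummy bytes
LURE_NAME = "N0178946806479.pdf.img"
SAMPLE_FILES = {"Fonetikke4.exe": b"MZ" + b"\x90" * 100}
SAMPLE_IMAGE = build_iso(SAMPLE_FILES)

if __name__ == "__main__":
    print(triage_attachment(LURE_NAME, SAMPLE_IMAGE))
    name, lba, size = list_iso_files(SAMPLE_IMAGE)[0]
    print(name, hash_payload(extract_file(SAMPLE_IMAGE, lba, size))["sha256"])
```

The reader deliberately parses only the primary volume descriptor and the root directory; a production check would also read Joliet or Rock Ridge names (where the lure's mixed-case "Fonetikke4.exe" would actually appear), recurse into subdirectories, and hash every extracted file so the digests can be looked up against MalwareBazaar rather than relying on the extension alone.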

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 08:12:01 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  img 193d608df4ce58a4c81cdff40f0de326af07472763460a6316242468d2151710 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments