MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25caa923919deac15a948c6d1e0293d9b10931868c1e2dc2896907050290ad13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: 25caa923919deac15a948c6d1e0293d9b10931868c1e2dc2896907050290ad13
SHA3-384 hash: 5e2667012fd21fb2239ef3bc2d2e24433fd3e39cbc1f8fea57f551c52e9f551621a732b2cbbb743be1a4aab52a62041e
SHA1 hash: 634b1d0b9fb771cc4d109cc39ebbb9076a87fc5f
MD5 hash: 5da230b9eb8b84db238fd0db36b751c5
humanhash: fanta-lima-king-solar
File name: SGN07752818.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-08-19 13:16:42 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:wTJEIqIx6d+3yx+TRML3pHjAn5WUfIwdB2DYh/yR0rEPU:4uIo/ZHjq5WSxXVrEPU
TLSH: EE454B16E6D4A6F2F2588B340B685EF411FDBC302952CD4B78DC3E591B73A048DA936B
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.agcocorpe.com
Sending IP: 104.168.242.147
From: ppa. Thomas Rawe <info@agcocorpe.com>
Reply-To: ppa. Thomas Rawe <rjjha63@yahoo.com>
Subject: Quote price
Attachment: SGN07752818.IMG (contains "SGN07752818.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8E778D4A23C91A07&resid=8E778D4A23C91A07%21265&authkey=AJm25L6IGNXgCeY

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 230
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-08-18 19:42:15 UTC
AV detection: 16 of 47 (34.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: GuLoader
Sample: img 25caa923919deac15a948c6d1e0293d9b10931868c1e2dc2896907050290ad13 (this sample)
Dropping: GuLoader
