MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2816b4cb7c5d8b87d1d56e855af0a2dba02782b7e6ac375a0ef41e1226147156. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2816b4cb7c5d8b87d1d56e855af0a2dba02782b7e6ac375a0ef41e1226147156
SHA3-384 hash: 95c50087d6132a611d601295a07ea95c1cf878e34a65bef7d8bcea503aedbaf6d8a536c9d021385c485a8aaaeb3ea7a6
SHA1 hash: 1dcbef8bd1d3bc819d8b765d00a20c292eb18f2b
MD5 hash: a95e94aa91e2c6cddbbbc018572ee46b
humanhash: juliet-eighteen-muppet-twenty
File name:Product_Me_Order_Pictures _pdf.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:120'844 bytes
First seen:2020-08-19 12:21:25 UTC
Last seen:2020-08-19 12:22:38 UTC
File type: zip
MIME type:application/zip
ssdeep 3072:IvBm+/D+DwpSZcS4tjJgBtFWB3Zr92WApZSbwqwb+r3xMqnK:IvouDhCcS4tCTFiV9pbzrm0K
TLSH 32C312F97EFEE0A5E66F31E60061948FF9D0E609F2A4C2139D095D04666A3C44B72C3A
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.ricksaezp.com
Sending IP: 104.168.173.112
From: info@ricksaezp.com
Reply-To: info@ricksaezp.com
Subject: ATTACHED FILE PRODUCTS NEEDED PLEASE
Attachment: Product_Me_Order_Pictures _pdf.zip (contains "Designs jpg jpg jpg jpg.scr")

GuLoader payload URL:
https://onedrive.live.com/download?cid=5624EA93AB8BAD8E&resid=5624EA93AB8BAD8E%21139&authkey=AHZF3gFTm8oMJ7o

Intelligence

File Origin
# of uploads :
4
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.23380.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23382.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2816b4cb7c5d8b87d1d56e855af0a2dba02782b7e6ac375a0ef41e1226147156/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 14:30:56 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=falljs34lwfypuovn2cvv4fc3oqcpavx42wdowqo6qpbejquofla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/2816b4cb7c5d8b87d1d56e855af0a2dba02782b7e6ac375a0ef41e1226147156

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 2816b4cb7c5d8b87d1d56e855af0a2dba02782b7e6ac375a0ef41e1226147156

(this sample)

GuLoader

Executable exe fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241

  
URLhaus
https://urlhaus.abuse.ch/url/436057/
  
Dropping
MD5 d90ce2bea547248ca6ddc8c72bfa28e5
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
  
Dropping
SHA256 c2fad0ca69171eabf05cff3020af18e45b34558b660e5197bdb4c0c072c9cdde
  
Dropping
MD5 386e7e7739d1519fa7e51c6acd53c485
  
Dropping
SHA256 45310ab9b43a84346d6c41c5286fab15c4921920461aa2c58ecf375d6070d4ef
  
Dropping
MD5 2f41e0a47ad4524390eae2253eba490d
  
Dropping
SHA256 d2b7389c9dd63fb1b147537c52572bbc09bec5c080474000e113b31aa249388a
  
Dropping
MD5 0fefb456de0c44dbe347c9af0017e49c

Comments