MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2953239de08a7b9e19da7663dc0409deaee24fd71c94ec7e861e390333764540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 2953239de08a7b9e19da7663dc0409deaee24fd71c94ec7e861e390333764540
SHA3-384 hash: af27b875c63120db266691bafc1dbe78f882f3b2645881e28f6ed4cb9fa1be5f890ee8a069446d652beebe3826319e4f
SHA1 hash: 5ecc8dfa081bf837919d15041783d65949a4d63f
MD5 hash: 9ce255a44296c2608d99b47e60316a8f
humanhash: football-tango-solar-twelve
File name: 890660021.arj
Signature: GuLoader
File size: 27'989 bytes
First seen: 2020-05-26 09:21:08 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:R8R6BYe4L4euFEdFgBftfd8JVZexIxtJBkplXJNUCpD:SR66/4J0FgBfddEKxuNmlXECpD
TLSH: A6C2F13D0FAA7151DBA8482455657F618FFCB8425331AF17B16BE8FAC1ACBE41C84A24
Reporter: abuse_ch
Tags: arj geo GuLoader SRB


abuse_ch
Malspam distributing GuLoader:

HELO: mxload.webglobe.sk
Sending IP: 212.57.32.37
From: Radmila Šoškić <esivakova@mlproduktion.sk>
Subject: Поръчајте 4890660021
Attachment: 890660021.arj (contains "890660021.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1D1GdO27aQr62g77-u4jGszUIYKy-3OMP

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 09:36:46 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 14 of 48 (29.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader

arj 2953239de08a7b9e19da7663dc0409deaee24fd71c94ec7e861e390333764540 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments