MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ee387dc51002ea6d8b82fce95e0659672d9f22696f4d2562ea3be72c4abc94c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3
SHA256 hash: 2ee387dc51002ea6d8b82fce95e0659672d9f22696f4d2562ea3be72c4abc94c
SHA3-384 hash: 3b8108cb86f42451b8497f5566f57e18a20251312856d4fe9039c60b18b0cb6ab3ebb7b14999831947c7f4d8b42f2321
SHA1 hash: 26754f6cef994729559746a77b735de15198d069
MD5 hash: dbea6b9bd29225ed9be24a03089a412a
humanhash: freddie-april-network-papa
File name: Quotation-June.ISO
Signature: GuLoader
File size: 74'230 bytes
First seen: 2020-06-04 06:03:29 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:h5aXjSiZby6FzF2QjW0L2F6P6S8Oj/lsmrcF891JyEPR9wlZ:h5aW8bhFzFri09Pb3j/hcG91Y
TLSH: 95730283E99D41A4BE050384C23B2C8BA85E9362D9AA01D7B716F1CF5B434344F367AE
Reporter: abuse_ch
Tags: GuLoader iso

abuse_ch
Malspam distributing GuLoader:

HELO: nova.example.com
Sending IP: 103.151.124.243
From: victo@vickyonchat.xyzf <victo@vickyonchat.xyz>
Subject: Request For Quotation-June
Attachment: Quotation-June.ISO (contains "Quotation-June.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-oPhHGF2A35QMubDiMfdnIvDbZa9BdlM

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-05 02:37:00 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam

GuLoader

rar 2ee387dc51002ea6d8b82fce95e0659672d9f22696f4d2562ea3be72c4abc94c (this sample)
  Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments