MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 329cefd2d35743ff65d64a274fde3e2c1fd78fc4f543dfe1e5b1290c93eea4db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 329cefd2d35743ff65d64a274fde3e2c1fd78fc4f543dfe1e5b1290c93eea4db
SHA3-384 hash: c8eab9cf442a26f4259208ce990b9a5209977352973ec5be82be6d908c4635242add634b3121d007ca52dcb65f7af265
SHA1 hash: aad73d0975a0a3ace68fd6ff257654c1ccb80f54
MD5 hash: 7585db69826bce726fa3f7190069803d
humanhash: papa-high-asparagus-kitten
File name:scandoc19082020.img
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-08-20 05:35:25 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 384:ap1p7Nm6b/jRi60Lxp3Vxdw/2JDfUQBYgrCJ7LqKO1nGlcYV:ap1p7w6bh0TFxe/dQBoNu1nAc
TLSH 84930822A7D4D0B1D85D0A722DA6C77B11A33E3F52DA9A1F7E5C3A1D2F71389A804347
Reporter cocaman
Tags:GuLoader img


Avatar
cocaman
Malicious email
From: DHL " <DHL@321.metalvxini.ml>
Received: from iux0.321.metalvxini.ml (iux0.321.metalvxini.ml [128.199.12.215])
Date: Wed, 19 Aug 2020 22:11:08 -0700
Subject: Re:second Reminder AWB#08200009
Attachment: scandoc19082020.img

Intelligence

File Origin
# of uploads :
1
# of downloads :
242
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/329cefd2d35743ff65d64a274fde3e2c1fd78fc4f543dfe1e5b1290c93eea4db/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-08-20 05:37:06 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gkoo7uwtk5b76zowjitu7xr6fqp5pd6e6vb57ypfweuqze7outnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/329cefd2d35743ff65d64a274fde3e2c1fd78fc4f543dfe1e5b1290c93eea4db

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 329cefd2d35743ff65d64a274fde3e2c1fd78fc4f543dfe1e5b1290c93eea4db

(this sample)

GuLoader

Executable exe 967ea109385c23aa2c0a841295eb33b1f25d25b836903cbabe33a9c1fb2ee267

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 967ea109385c23aa2c0a841295eb33b1f25d25b836903cbabe33a9c1fb2ee267
  
Dropping
GuLoader

Comments