MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 359240b4ed003d31510b4dab78fe70314942ce5a1d56973303a2853a8cdd69a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 359240b4ed003d31510b4dab78fe70314942ce5a1d56973303a2853a8cdd69a7
SHA3-384 hash: 0c258f93f9866c217542578eb598121f1dc711805abc8632e2e620983991014f3e48db3963f3277c0d015b273e327e0e
SHA1 hash: 5d4b133c67459580625721522d2a26e8768209b5
MD5 hash: 11d4c449c6c5f355bee9020a5cf22f4b
humanhash: potato-lithium-kentucky-maine
File name: account confirmationL._pdf.gz
Signature: GuLoader
File size: 43'577 bytes
First seen: 2020-06-08 14:49:06 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:TScIIdi1YAos6pbRuaojkK5xotL9LK2QjhY/LcHVspQJ1cBxy4z9gWI/TVyFN27X:zIIdi1YAS6rjVxQNK2Qjh8LcH0QHKgW2
TLSH: 691302C0DB11188AFAC9BAF8D8BC4E0B046B1DE7FCAD07D6691A45605A85376C79A4F0
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: genopem.tk
Sending IP: 135.181.24.152
From: international payment <iban@crdbank.com> <admin@genopem.tk>
Subject: payment confirmation
Attachment: account confirmationL._pdf.gz (contains "OVERLIBERAL.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=F5533CD060D35070&resid=F5533CD060D35070%21175&authkey=AFXcXTsaROKELbM
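The entry above records the delivery pattern in full: an attachment whose name ends in `._pdf.gz`, a file type of gz listed next to a MIME type of application/x-rar, and an executable ("OVERLIBERAL.exe") inside the archive. The following Python is an added triage example written for this page, not code from abuse.ch or MalwareBazaar. It checks an attachment's magic bytes against the MIME type the mail client declared, flags a document-looking token placed in front of the real archive extension, reads the gzip FNAME header field (RFC 1952), and inflates only the first two bytes of the member to look for an MZ signature, so a decompression bomb cannot hurt the checker. The gzip stream, the fake PE payload, the benign control file and the declared MIME values are all constructed inside the block; none of it is the real sample.

```python
import gzip
import io
import re
import zlib
from typing import Optional

# Leading bytes of the container formats this triage recognises.
MAGIC = {
    "application/gzip": b"\x1f\x8b",
    "application/x-rar": b"Rar!\x1a\x07",
    "application/zip": b"PK\x03\x04",
}

# A document-looking token glued in front of the real archive extension,
# e.g. "account confirmationL._pdf.gz": "_pdf" is the bait, ".gz" is the truth.
DECEPTIVE_NAME = re.compile(
    r"[._-](pdf|docx?|xlsx?|jpe?g|png)[._-]*\.(gz|rar|zip|7z|iso|img)$", re.I
)


def sniff(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the first bytes, or None if unrecognised."""
    for mime, magic in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def gzip_member_name(data: bytes) -> Optional[str]:
    """Read the optional FNAME field of the first gzip member (RFC 1952)."""
    if len(data) < 10 or data[:2] != MAGIC["application/gzip"]:
        return None
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then the extra field
        if len(data) < pos + 2:
            return None
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flg & 0x08:  # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)
    return data[pos:end].decode("latin-1") if end != -1 else None


def triage_attachment(name: str, declared_mime: str, data: bytes) -> dict:
    """Score one e-mail attachment; returns the evidence, not just a verdict."""
    findings = []
    sniffed = sniff(data)
    if sniffed is None:
        findings.append("container magic not recognised")
    elif sniffed != declared_mime:
        findings.append(f"declared {declared_mime} but magic bytes say {sniffed}")
    if DECEPTIVE_NAME.search(name):
        findings.append("document-like token hides the archive extension")

    inner_name = gzip_member_name(data) if sniffed == "application/gzip" else None
    inner_is_pe = False
    if sniffed == "application/gzip":
        try:
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
                # Only two bytes are inflated: enough for the MZ check and
                # bounded work even if the member is a decompression bomb.
                inner_is_pe = gz.read(2) == b"MZ"
        except (OSError, EOFError, zlib.error):
            findings.append("gzip stream truncated or corrupt")
    if inner_is_pe:
        findings.append("decompressed content starts with MZ (PE executable)")
    if inner_name and inner_name.lower().endswith((".exe", ".scr", ".dll")):
        findings.append(f"gzip FNAME names an executable: {inner_name}")

    return {
        "name": name,
        "declared_mime": declared_mime,
        "sniffed_mime": sniffed,
        "inner_name": inner_name,
        "inner_is_pe": inner_is_pe,
        "findings": findings,
        "verdict": "suspicious" if findings else "clean",
    }


def build_gz(member_name: str, payload: bytes) -> bytes:
    """Construct a single-member gzip stream whose FNAME field is member_name."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=member_name, mode="wb", fileobj=buf) as gz:
        gz.write(payload)
    return buf.getvalue()


# Constructed inputs modelled on the entry above; this is not the real sample.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_NAME = "account confirmationL._pdf.gz"
SAMPLE_GZ = build_gz("OVERLIBERAL.exe", FAKE_PE)
BENIGN_GZ = build_gz("report.txt", b"quarterly figures attached\n")

if __name__ == "__main__":
    for row in (triage_attachment(SAMPLE_NAME, "application/x-rar", SAMPLE_GZ),
                triage_attachment("report.txt.gz", "application/gzip", BENIGN_GZ)):
        print(row["name"], "->", row["verdict"])
        for finding in row["findings"]:
            print("   -", finding)
```

The declared MIME type is whatever the sending client put in the Content-Type header, so a mismatch with the magic bytes is evidence, not proof, and the FNAME field is attacker-controlled as well; the check that cannot be spoofed from the outside is the MZ signature in the inflated head.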

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 14:51:04 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 359240b4ed003d31510b4dab78fe70314942ce5a1d56973303a2853a8cdd69a7 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments