MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41847d61f17513a48a53c1124d500448cef394495797e7f70384f8b5239a6a25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4


SHA256 hash: 41847d61f17513a48a53c1124d500448cef394495797e7f70384f8b5239a6a25
SHA3-384 hash: e996c3209c863c514bb803b4d4f9516cfc6200487bbb7809fd432751096b38f6d9357a7da8da8cba993b55bccb7caf54
SHA1 hash: e3a40e542a3b6d7dd0a6bef1c4cbb264bba47617
MD5 hash: 1a36334888488914019079e5b4225137
humanhash: vegan-hawaii-december-eighteen
File name: RFQ5983.zip
Signature: GuLoader
File size: 42,759 bytes
First seen: 2021-02-01 09:56:16 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:72VXmhApXJQ4Qn1h0iYaDRPdIJYYGhWHqMyoNCYOf:yhEn1C6AJru4xnQ
TLSH: 9313F2042B21A39D431A6E77B3E23790D1BD7AB3AB671B170FC95D08D594CDE1882D46
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: cloud01.worldeyecam.com
Sending IP: 66.115.164.12
From: Baker Sudqi Abubaker <bsabibekar@adnoc.ae>
Subject: NEW ORDER FROM EXHIBITION
Attachment: RFQ5983.zip (contains "RFQ5983.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YAhYGS-v6BLnWt8V79sI89lhpXBsU2xC

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 179
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Wbvb
Status: Malicious
First seen: 2021-02-01 09:57:29 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    zip 41847d61f17513a48a53c1124d500448cef394495797e7f70384f8b5239a6a25 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
