MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42cae7864931a1bf6193d32260d1bbb3db4e02914a0a01c4e31f6345c5bce4d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 42cae7864931a1bf6193d32260d1bbb3db4e02914a0a01c4e31f6345c5bce4d7
SHA3-384 hash: a5dbf1b725b2827a7428569e6384d4f9db6e1c41dcdbb7b81c591534e8c23806554d6642c0f190b02c7607322d9aa4d9
SHA1 hash: 60bc3185b74db475ecb63aa59446fd433cf66db3
MD5 hash: 33fcb980240e66bf740f7006ef72a4e0
humanhash: mobile-robert-march-mockingbird
File name: RFQ-OM-3994 - Closing Date 30.05.2020 -MEPF-PO-2020-060PDF.z
Signature: GuLoader
File size: 27'855 bytes
First seen: 2020-05-26 07:37:45 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:fNm+IPxSxijjBDWdKltU45D6VScyqvi0843t:f8+IP8xEBDWLScn9
TLSH: D6C2F1E8D9FE2F80CBF7E60AD21AA4460B6E6CDAB02B5D354081F47944D2E8067B7950
Reporter: abuse_ch
Tags: GuLoader z


abuse_ch
Malspam distributing GuLoader:

From: Import Manager <himanshu@anantcreation.co.in>
Subject: Product Inquiry
Attachment: RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.z (contains "RFQ-OM-3994 - Closing Date 30.05.2020 - MEPF-PO-2020-060PDF.exe")

GuLoader payload URL:
http://www.pdslhk.com/file/binfle_ACzOcwHde53.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 08:40:39 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    z 42cae7864931a1bf6193d32260d1bbb3db4e02914a0a01c4e31f6345c5bce4d7 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
