MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43bf254b408877739dcea1a72ed8faaad769148ca73c6b6ce87108a27537d62b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 43bf254b408877739dcea1a72ed8faaad769148ca73c6b6ce87108a27537d62b
SHA3-384 hash: ab74c50479ebb8f5da9c9759fc8d0d275bc21d2801e4c39cc65a82a118c186728994a2ee807e64e5afd5d7a80e5fbbc4
SHA1 hash: 1d8c4d97857971888e02e756d04622943ddade5a
MD5 hash: 4a1cf60e634e02f5109b762f5d303de1
humanhash: hot-whiskey-robert-mirror
File name: Outstanding Payment_June_2020_PDF.rar
Signature: GuLoader
File size: 33'286 bytes
First seen: 2020-06-10 11:33:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:L7W4p4oc5YuOMg2FrUzT+uhugoG94TUtZv+XlD8wyJDVtp:Ooc2uOXRT+uIiQUtZclDkT
TLSH: 58E2E16D2B09A4CA2CCC7153C0A58B75F6D64731FCBEE1223B124E89E85DF6A155CD22
Reporter: abuse_ch
Tags: GuLoader rar

abuse_ch
Malspam distributing GuLoader:

HELO: mail.carryboy.com
Sending IP: 27.254.141.68
From: prasong@carryboy.com
Subject: RE: (122614) - update payment date
Attachment: Outstanding Payment_June_2020_PDF.rar (contains "Outstanding Payment_June_2020_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1rs0nA7SOO-FmePI2bk0wlxOzus4Rryyh

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 11:35:05 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    rar 43bf254b408877739dcea1a72ed8faaad769148ca73c6b6ce87108a27537d62b (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment