MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ace9077c1b8a3c46e12ccb0808f5a13244646c33112aeb2a0f7a0b4ad1d97be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 4ace9077c1b8a3c46e12ccb0808f5a13244646c33112aeb2a0f7a0b4ad1d97be
SHA3-384 hash: 08d3f4f5b942feba3977b9355f475b677acb764ae49203d7e98cee751c745ed2adc4c5593ff87ccd12a4de034139a447
SHA1 hash: ad89fae0aeed41e1c3d5b98679f058860a20d770
MD5 hash: 6d6a7dd74e34a5c6c51869c52e40b4ae
humanhash: louisiana-fish-table-ten
File name: Devis urgent requis pour un projet en cours France BTSH2561.gz
Signature: GuLoader
File size: 22'066 bytes
First seen: 2020-06-08 12:12:47 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:+enpeXtRPA1vKNO8tt6DSQt16ShTrr/KLEVp826gV26PysP7sFMqI8dxZ:oteV8tt6OsUqrrymp826gDye4FW8dT
TLSH: 69A2E02A8842D5E793EE0A344F1F33891461F911318B9B4C4EF64B7937A25FB5B03657
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: clean306.mxserver.ro
Sending IP: 46.102.249.41
From: Jordan Tyrban <jordan@lalemant-france.fr>
Subject: Devis urgent requis pour un projet en cours France BTSH2561
Attachment: Devis urgent requis pour un projet en cours France BTSH2561.gz (contains "Devis urgent requis pour un projet en cours France BTSH2561.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1dh61IWa7fEtgrnP8A53Q04fHssd8qOWY

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 12:14:07 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 4ace9077c1b8a3c46e12ccb0808f5a13244646c33112aeb2a0f7a0b4ad1d97be (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
