MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4cc932eeaa92d88eea2f524bfefbab4499bca2f525ec81a94a525c952037499f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 4cc932eeaa92d88eea2f524bfefbab4499bca2f525ec81a94a525c952037499f
SHA3-384 hash: 236cd0960310974200db3e6c3aae38c01e9a1570ef45cf34a023e9376d7dbda17ef9f39f50b595da252cdae23cc9341c
SHA1 hash: e70747dedd2f740adf1be205c99ad7e92bab7c8d
MD5 hash: d646461d011578c75cbff3ae52565738
humanhash: earth-early-moon-bacon
File name: informe bancario.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-10 19:00:18 UTC
Last seen: 2020-06-10 19:01:23 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:wOA94d4xRhMVruW7rb7JyHmnJ8Y/84zIJy:wJ4d+yX73I
TLSH: F8455C1EDB19E553E1204B3048B26A90A7677D1B604F5E1B791C3A290B72E13AFE743F
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: mail.novasolutions.com.ec
Sending IP: 192.99.233.222
From: PAGOS <pago_navieras@torresytorres.com>
Subject: Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)
Attachment: informe bancario.img (contains "informe bancario.PDF.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1w2cXybZ5US7784EkeFgJRx3Nyqm9bpcs

Intelligence


File Origin
# of uploads: 2
# of downloads: 129
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 19:02:07 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
Sample: img 4cc932eeaa92d88eea2f524bfefbab4499bca2f525ec81a94a525c952037499f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments