MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515b7f13ff296b0b77f9e0e528a97e3a8cc4b232888b98a7fc398d37a3861ea2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 515b7f13ff296b0b77f9e0e528a97e3a8cc4b232888b98a7fc398d37a3861ea2
SHA3-384 hash: da5b65614486e0ee2083f4d090627aec9bf77d0bbfbfacc132be4aa2633f167d61dcf8fda65c1c53cecc71dadd89ff40
SHA1 hash: 41c0c7181028db0ae01241ca74fd7e5b46722dda
MD5 hash: f5e7f2bdc47b0dbe941d8b59ffb22c45
humanhash: spaghetti-foxtrot-white-undress
File name: E-procurement.zip
Signature: GuLoader
File size: 31'080 bytes
First seen: 2020-06-10 06:51:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:dOKnqZ3S1VvX0tWfLnFfveCooLZnKoSUaBxg1NioP:dO8q2VvC6FlZLgFTAfioP
TLSH: F3D2F11AF98906C8CB7AB550909E918D1E333290F523CC46C36290ABD97187C7BB3C36
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mail.huclangia.gq
Sending IP: 64.52.164.230
From: WTO: World Trade Organization <wto.gov@huclangia.gq>
Reply-To: admin.procurement@wto.gov
Subject: WTO Procurement
Attachment: E-procurement.zip (contains "E-procurement.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Dm42HfE_i6IgkQ4bauX0O1BtT3Vl0ItD

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 06:52:14 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 515b7f13ff296b0b77f9e0e528a97e3a8cc4b232888b98a7fc398d37a3861ea2 (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments