MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 545613b2c72fd2a91a2a4e9e331484cfaa2a9cb4903c2651090afa034a133211. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 545613b2c72fd2a91a2a4e9e331484cfaa2a9cb4903c2651090afa034a133211
SHA3-384 hash: 6a9a0df855a9b55f7b4ee5a5428ba9a590ae0dee7ac201f6985507926ea07d0b8d95db602815e614473b2a61c3ca0e87
SHA1 hash: b4aab476f9b0cc6b6912728f62b3ac1b50e5ca91
MD5 hash: 7f7007891704ed717d822a61800b0e15
humanhash: december-mirror-kitten-magnesium
File name: RFQ 0111-20-10-26.rar
Signature: GuLoader
File size: 29,200 bytes
First seen: 2020-10-26 14:10:26 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:TKKKYrekdbOWZhAhWReS7B408IsQOSbMCTqB:hnp0WHiWRuIbbMCy
TLSH: 32D2E137BBB4F4DA87A04B22095F706929B44831868A7FADF7B43B5C6150CA423F310D
Reporter: abuse_ch
Tags: GuLoader, rar


abuse_ch
Malspam distributing GuLoader:

HELO: xwx0.320.xoron.ml
Sending IP: 159.89.137.248
From: Dr MokSeng Chan <m.chan@amco-metall.dey>
Subject: RE: AMCO Special Profile Enquiry for Aluminium Plates and Bars
Attachment: RFQ 0111-20-10-26.rar (contains "RFQ 0111-20-10-26.exe")

GuLoader payload URL:
https://redesuperpops.com.br/trends/Kalied_Rewcur216.bin
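Added example, not code from MalwareBazaar or abuse.ch: the indicators in the comment above (sending IP, HELO, sender, attachment name, payload URL) and the entry's hash table turned into a small check an analyst could run over mail-gateway and proxy events. The log format (one event per line as key="value" pairs), the field names, and every log line below are assumptions and constructed data; only the indicator values and hashes come from the page. Beyond the literal indicators it also flags the delivery pattern this sample uses, an archive attachment whose listed contents include an executable, so a renamed lure is still caught, and it verifies a downloaded file against all four hashes before anyone treats it as this sample.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the abuse_ch comment on this page.
INDICATORS = {
    "sending_ip": "159.89.137.248",
    "helo": "xwx0.320.xoron.ml",
    "sender": "m.chan@amco-metall.dey",
    "attachment": "RFQ 0111-20-10-26.rar",
    "payload_url": "https://redesuperpops.com.br/trends/Kalied_Rewcur216.bin",
}
PAYLOAD_HOST = urlsplit(INDICATORS["payload_url"]).hostname

# Hash table of this entry (the .rar attachment), copied from the page.
ENTRY_HASHES = {
    "md5": "7f7007891704ed717d822a61800b0e15",
    "sha1": "b4aab476f9b0cc6b6912728f62b3ac1b50e5ca91",
    "sha256": "545613b2c72fd2a91a2a4e9e331484cfaa2a9cb4903c2651090afa034a133211",
    "sha3_384": "6a9a0df855a9b55f7b4ee5a5428ba9a590ae0dee7ac201f6985507926ea07d0b8d95db602815e614473b2a61c3ca0e87",
}

# Assumed log format: key="value" pairs, one event per line.
KV = re.compile(r'(\w+)="([^"]*)"')
ARCHIVE = (".rar", ".zip", ".7z", ".iso")
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs)$", re.I)


def parse_event(line):
    return dict(KV.findall(line))


def classify(event):
    """Return the names of the indicators this event matches."""
    hits = []
    if event.get("client_ip") == INDICATORS["sending_ip"]:
        hits.append("sending_ip")
    if event.get("helo", "").lower() == INDICATORS["helo"]:
        hits.append("helo")
    if event.get("from", "").lower() == INDICATORS["sender"]:
        hits.append("sender")
    attachment = event.get("attachment", "")
    if attachment == INDICATORS["attachment"]:
        hits.append("attachment")
    # Behavioural check that survives a renamed lure: an archive attachment
    # whose listed contents (';'-separated in this assumed format) include
    # an executable, which is exactly how this sample carries its .exe.
    contents = event.get("archive_contents", "")
    if attachment.lower().endswith(ARCHIVE) and any(
        EXECUTABLE.search(name.strip()) for name in contents.split(";")
    ):
        hits.append("archive_with_executable")
    # Proxy side: exact payload URL first, then anything else on that host.
    url = event.get("url", "")
    if url == INDICATORS["payload_url"]:
        hits.append("payload_url")
    elif url and urlsplit(url).hostname == PAYLOAD_HOST:
        hits.append("payload_host")
    return hits


def scan(lines):
    """Map event id -> matched indicator names for every line in the log."""
    return {e.get("id", "?"): classify(e) for e in map(parse_event, lines)}


def compute_hashes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data, expected=ENTRY_HASHES):
    """True only if every hash in the entry matches; one mismatch means the
    bytes in hand are not the sample this page describes."""
    got = compute_hashes(data)
    return all(got[name] == value for name, value in expected.items())


# Constructed mail-gateway (m*) and proxy (p*) events; not real logs.
SAMPLE_LOG = [
    'id="m1" client_ip="159.89.137.248" helo="xwx0.320.xoron.ml" '
    'from="m.chan@amco-metall.dey" attachment="RFQ 0111-20-10-26.rar" '
    'archive_contents="RFQ 0111-20-10-26.exe"',
    'id="m2" client_ip="203.0.113.7" helo="mail.example.net" '
    'from="alice@example.net" attachment="quote.zip" '
    'archive_contents="quote.pdf;quote.exe"',
    'id="m3" client_ip="198.51.100.9" helo="mx.example.org" '
    'from="bob@example.org" attachment="report.pdf" archive_contents=""',
    'id="p1" client_ip="10.0.0.5" '
    'url="https://redesuperpops.com.br/trends/Kalied_Rewcur216.bin"',
    'id="p2" client_ip="10.0.0.6" url="https://redesuperpops.com.br/other.bin"',
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_LOG).items():
        print(event_id, hits or "clean")
    print("random bytes match entry:", verify_sample(b"not the sample"))
```

The exact-match indicators (IP, HELO, sender, file name) age quickly, which is why the archive-with-executable check is kept separate: it fires on m2 above even though nothing there appears on this page. Matching on the payload host rather than only the full URL catches the same server handing out a differently named .bin; tune that to your own false-positive tolerance if the host is shared hosting.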

Intelligence

File Origin
# of uploads: 1
# of downloads: 138
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-10-26 03:24:18 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  GuLoader
    rar 545613b2c72fd2a91a2a4e9e331484cfaa2a9cb4903c2651090afa034a133211 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
