MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5924cece5c367f5057d2d2486144b85654ec35668a58caa0a708a5593c2f283d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4


SHA256 hash: 5924cece5c367f5057d2d2486144b85654ec35668a58caa0a708a5593c2f283d
SHA3-384 hash: 44d83855e100ca687eb44f5b3e07b5bbe96503d78a5f5b8b72d86e02981288a33ade52aba3ba70266e32aef1eb052a37
SHA1 hash: 845ef25d5e6a1bd87b329987ff1a8b6b07ba070c
MD5 hash: 9cf472462494525c1a19ffa13e9c254d
humanhash: east-steak-georgia-golf
File name: 41126780_Inv0ice_Confirmation.iso
Signature: GuLoader
File size: 118'784 bytes
First seen: 2020-11-06 17:21:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 768:WeMJPgJ+L/1rHlW6DlTlTTTTTnWTTTTLkL5bbFv3TTTTTTTTTTTTTTTTTTTTTTTK:dJQ/38+bFvfJCst1yr
TLSH: 45C3F64FA1B0E760E6968ABE076397A852237C21C170964AFD4F345F0B73784C7E436A
Reporter: abuse_ch
Tags: GuLoader iso


abuse_ch
Malspam distributing GuLoader:

HELO: mail.sweet.jp
Sending IP: 122.215.240.144
From: Zara Abad <info4u@reberauto.com>
Subject: Payment confirmation..
Attachment: 41126780_Inv0ice_Confirmation.iso (contains "41126780_Inv0ice_Confirmation.exe")

GuLoader payload URL:
https://joudex.com/nm/nov_ESYcfLslK143.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 211
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-11-06 03:10:32 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > GuLoader > iso 5924cece5c367f5057d2d2486144b85654ec35668a58caa0a708a5593c2f283d (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments