MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f5e646deb9af51e6468d32fa49968640885a0e9f89bb2fee8d4704690f2cc93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 5f5e646deb9af51e6468d32fa49968640885a0e9f89bb2fee8d4704690f2cc93
SHA3-384 hash: f35d802e3c5c39a3dfd3d8c91844548db1ec921cc4ee0bec67ec8b7729e799b310ca1dfc000fc5e13798d4f1ba8fed5c
SHA1 hash: 4a00fd7d3c08af5bf86b8c44a1dc2b15b5829261
MD5 hash: 40ff7618d3d3eb5aa57b742c52701cdd
humanhash: montana-september-venus-earth
File name: Gorgon CO2 Injection Project.gz
Signature: GuLoader
File size: 43'144 bytes
First seen: 2020-06-02 11:18:39 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:adRUp05sPUhNQrWxan0Ru0QlzdRKqtEO1V5kzDYKL6e50fcqfL12r0zzG:eKq+qtAlzdAFO1VSoq6000o12r06
TLSH: D9130141A7F84F8E94A1EFC581402241FB31D08EA7EC5EA96F1A929D8F5C143A24DD6D
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: seed.net.tw
Sending IP: 139.175.54.24
From: Krizelle Navarro <admin@cyientt.com>
Subject: Cheveron Gorgon CO2 Injection Project
Attachment: Gorgon CO2 Injection Project.gz (contains "Gorgon CO2 Injection Project.pdf.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=70C4976FC04DDB54&resid=70C4976FC04DDB54%21106&authkey=APvhoK6edHtogfU
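A small triage helper for an attachment like the one described above, added here as an example; it is not part of the MalwareBazaar page or of the abuse.ch report. It computes the four hash types the entry lists (SHA256, SHA3-384, SHA1, MD5), checks the file's magic bytes against the extension in its name (the entry's own metadata gives the file type as gz but the MIME type as application/x-rar, which is exactly the kind of disagreement worth flagging before opening anything), reads the original file name stored in a gzip header, and flags "document.pdf.com"-style double extensions such as the "Gorgon CO2 Injection Project.pdf.com" name in the report. The gzip payload is constructed in memory as a stand-in and is not the real sample; a RAR file is only identified by its magic, not unpacked; ssdeep and TLSH are omitted because they need third-party libraries.

```python
import gzip
import hashlib
import io
from typing import Optional

# Magic bytes for the two container formats this entry's metadata disagrees about.
MAGIC = {
    "gz": b"\x1f\x8b",
    "rar": b"Rar!\x1a\x07",
}

# Extensions Windows executes on double-click; a "document" extension placed
# directly in front of one of these is the classic lure pattern.
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe", "wsf"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "jpeg", "png"}


def hash_sample(data: bytes) -> dict:
    """The hash types a MalwareBazaar entry lists, computed from the raw bytes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def sniff_container(data: bytes) -> str:
    """Identify the container by magic bytes, ignoring whatever the name claims."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a recognised container's magic bytes disagree with the declared extension."""
    declared = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_container(data)
    return actual != "unknown" and declared != actual


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the original file name from a gzip header (RFC 1952 FNAME field), if present."""
    if not data.startswith(MAGIC["gz"]) or len(data) < 10:
        return None
    flg = data[3]
    pos = 10                                  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:                            # FEXTRA: skip XLEN and the extra field
        xlen = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2 + xlen
    if not flg & 0x08:                        # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)             # FNAME is a NUL-terminated latin-1 string
    if end == -1:
        return None
    return data[pos:end].decode("latin-1")


def is_double_extension_lure(name: str) -> bool:
    """'Report.pdf.com'-style names: a document extension directly in front of an executable one."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, doc_ext, exe_ext = parts
    return doc_ext in DOCUMENT_EXTS and exe_ext in EXECUTABLE_EXTS


def triage(filename: str, data: bytes) -> dict:
    """Combine the checks into one report for an e-mail attachment."""
    report = hash_sample(data)
    report["container"] = sniff_container(data)
    report["extension_mismatch"] = extension_mismatch(filename, data)
    inner = gzip_member_name(data)
    report["inner_name"] = inner
    report["double_extension_lure"] = bool(inner) and is_double_extension_lure(inner)
    return report


def build_constructed_sample() -> bytes:
    """Constructed stand-in (not the real sample): a gzip whose header carries a
    .pdf.com member name, mirroring the attachment described in the report."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=0,
                       filename="Gorgon CO2 Injection Project.pdf.com") as gz:
        gz.write(b"MZ placeholder bytes, not an executable\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    for key, value in triage("Gorgon CO2 Injection Project.gz", sample).items():
        print(f"{key}: {value}")
```

Run against a real attachment, the hashes can be pasted straight into a MalwareBazaar or VirusTotal lookup; the two boolean flags are the cheap pre-detonation signals (wrong container for the extension, executable hiding behind a document extension) that a mail gateway or analyst can act on without unpacking the archive.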

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 11:37:20 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
gz 5f5e646deb9af51e6468d32fa49968640885a0e9f89bb2fee8d4704690f2cc93 (this sample)
  Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments