MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6718546027ebeb483b5969e21f6d92a1843fb392bd1c0834abb5b33fad7d134e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 6718546027ebeb483b5969e21f6d92a1843fb392bd1c0834abb5b33fad7d134e
SHA3-384 hash: b5de3da738ae52fba54a7ef45e267f45662005dbe9615f2beab43ab28d140d3fb4233612d68b537452afcf229c2e4fa0
SHA1 hash: 62eac4f8a9e9f7f252afc10a14cc62f111adb9d5
MD5 hash: 290446727d77c4a13eb0e9f108a4e7eb
humanhash: ceiling-oscar-april-carbon
File name: sales.zip
Download: download sample
Signature: GuLoader
File size: 35'489 bytes
First seen: 2020-05-26 11:19:49 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:8u4CB2MYLWqXQAkTKN/eQDLcXzRxJ0DfQbeuf9IK8Yj+u0S9VIvA:8u4CkIGNGqLGGUSusK0UKA
TLSH: 7AF2F2E8E765239BC1A5F95DA68C4AB9CF097780806FCC92493272339D0415BCF2F636
Reporter: abuse_ch
Tags: GuLoader zip

abuse_ch
Malspam distributing GuLoader:

HELO: gfh3.gfh-net.de
Sending IP: 85.236.43.173
From: DKV EURO SERVICE GmbH + Co. KG <warth@lieferanten-marktplatz.de>
Subject: AW: AW:Payment and Order Confirmation 29-04-20 INVOICE_20-613129926-001
Attachment: sales.zip (contains "sales.exe")

GuLoader payload URL:
http://156.96.118.179/RAW-4-DAVdx_xtLnf95.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-05-26 11:36:56 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: zip 6718546027ebeb483b5969e21f6d92a1843fb392bd1c0834abb5b33fad7d134e (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments