MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aa8f328f1263bce5a5b84bb0ea02e42231ae43507ac104a25a5938024367730. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 6aa8f328f1263bce5a5b84bb0ea02e42231ae43507ac104a25a5938024367730
SHA3-384 hash: c9e3bbc9f78ec09b454fd32ae1132348d3970f2f158283506be20ed76825e1d80a36c8cb6798a621081688079ac4a015
SHA1 hash: b640f14bbf0d9049da2faba55ca9fc11c45fe90f
MD5 hash: 0a7aca3180211f080162213c39a5b1f3
humanhash: eight-yankee-bluebird-single
File name: DHL_AWB 9284730931.rar
Signature: GuLoader
File size: 29'182 bytes
First seen: 2020-10-26 14:02:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:8pqKDHSzsO7c3Iccrc1bW0ylJt1x7Pj8nn8KG:oFDAoHbWhlJ9gHG
TLSH: 11D2E19DA212827A0B327F77CCC402CD9D1A5B02FB17A897B71F44161DF119A536F893
Reporter: abuse_ch
Tags: DHL GuLoader rar


abuse_ch
Malspam distributing GuLoader:

From: "DHL Express"<dhl1@dhl.com>
Subject: Original Shipment Document
Attachment: DHL_AWB 9284730931.rar (contains "DHL_AWB# 9284730931.exe")

GuLoader payload URL:
https://millenium-rj.com/ozil/floow_HQaIKx54.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-10-26 05:34:08 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 6aa8f328f1263bce5a5b84bb0ea02e42231ae43507ac104a25a5938024367730

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
