MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f72ffffd0c1e3345debc9f56eb7c96781b4034a7dbe817cd4b821487ac68209. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 6f72ffffd0c1e3345debc9f56eb7c96781b4034a7dbe817cd4b821487ac68209
SHA3-384 hash: b4d4686b80abe33396bc9d441c14b339180fc4ea5f102eaeb32ef21ec695c0880fe4f4052e84dbfb4f680f7b0ae70ba8
SHA1 hash: 28789a47cf60100afa673f6e4ed06f3de8d93b5e
MD5 hash: 9143fe992f99379ec2381e4387d652a5
humanhash: tennessee-yellow-fanta-delta
File name: prijavnica za preventivno opremo·pdf.zip
Signature: GuLoader
File size: 36'164 bytes
First seen: 2020-06-02 11:12:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Asks8APCyPOCi83GoX5CPvif8r8RuRcU38kYuN6Gd:nB84CymCi83r0PvHcu8WT
TLSH: 37F2F16AD3E9FB33B05B649A5DD58F07CBF6C29D41325A3763D60E1818E806E583288C
Reporter: abuse_ch
Tags: GuLoader, zip


abuse_ch
Malspam distributing GuLoader:

HELO: cpanel.geoenergetika.serv.si
Sending IP: 195.144.26.50
From: slovenski nacionalni inštitut za zdravje <katarina.Vojvodic@nijz.si>
Reply-To: katarina.Vojvodic@nijz.si
Subject: Distribucija zaščitne opreme Covid-19 (Ministrstvo za zdravje Slovenija) Junij 2020
Attachment: prijavnica za preventivno opremo·pdf.zip (contains "prijavnica za preventivno opremo·pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1M_uKXeeoDhkvQQbqrL-NBkPMU2YX-PI6

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-02 21:05:02 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 6f72ffffd0c1e3345debc9f56eb7c96781b4034a7dbe817cd4b821487ac68209 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
