MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fc0fb0beee86b750a454c80b57d9788f05e3caa6ea3b99982521cad970e81dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: 6fc0fb0beee86b750a454c80b57d9788f05e3caa6ea3b99982521cad970e81dc
SHA3-384 hash: 557815c3edea2e553d4ec84746d568ca17774b06a6fafc6ae5690fc7e813d3f0aa8af0227d572d26839f53f54fdf1b88
SHA1 hash: bded9e943445219d5aa0e77b82a37f11609ef564
MD5 hash: e0176eec1f462f241256023582cff4eb
humanhash: five-glucose-stream-orange
File name: MIDDLE EAST PROJECT- RFQ9736.IMG
Signature: GuLoader
File size: 131'072 bytes
First seen: 2020-06-10 11:40:12 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:b17O+rTWeBrhYrN5/qEr5ljKX1vjkwgxmn5ioVM63XX9:7TWkYvqE7ivA85ioVM63XX9
TLSH: D9D35C1265F0A976DE336AF22EB092685997B43204F18927751C3B2E273BC46F771347
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: alibinali.com
Sending IP: 45.153.241.193
From: mehdi rebaii <Mehdi.Rebaii@alibinali.com>
Subject: RE: MIDDLE EAST PROJECT- RFQ
Attachment: MIDDLE EAST PROJECT- RFQ9736.IMG (contains "MIDDLE EAST PROJECT- RFQ9736img.com")

GuLoader payload URL:
https://onedrive.live.com/download?cid=6196314C52185EFC&resid=6196314C52185EFC%21106&authkey=APE4rX1hRtMrxXE
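The attachment described in the comment above is an ISO 9660 image (MIME type application/x-iso9660-image) carrying a .com file; Windows 8 and later mount such .img/.iso files natively, so the executable is one double-click away from the user. The following is an added triage example, not code from MalwareBazaar or abuse.ch: it parses the primary volume descriptor and root directory of an ISO 9660 image with the standard library only, flags directory entries with executable extensions and hashes their contents so they can be compared with the IOCs on this page. The image it runs on is constructed inline by build_iso; the entry name RFQ9736IMG.COM, the fake payload bytes and the EXEC_EXT list are assumptions for the example, not the real attachment. Only ISO 9660 level-1 names are read; the long mixed-case name "MIDDLE EAST PROJECT- RFQ9736img.com" on the real sample would normally come from a Joliet supplementary descriptor, which this minimal parser does not walk.

```python
"""Minimal ISO 9660 triage: list the root directory of an .img/.iso attachment,
flag executable entries and hash them. Added example; not code from the page."""
import hashlib
import os
import struct

SECTOR = 2048
# Extensions that run on double-click from a mounted image (assumed triage policy).
EXEC_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".lnk", ".dll"}


def _both(v, fmt="I"):
    """ISO 9660 stores integers twice: little-endian followed by big-endian."""
    return struct.pack("<" + fmt, v) + struct.pack(">" + fmt, v)


def _dir_record(ident, extent, size, is_dir):
    """Build one directory record (ECMA-119 9.1) for the constructed test image."""
    rec = bytearray(b"\x00\x00")              # [0] record length (patched below), [1] ext. attr. length
    rec += _both(extent) + _both(size)        # [2:10] extent LBA, [10:18] data length
    rec += b"\x00" * 7                        # [18:25] recording date/time (unused here)
    rec += bytes([0x02 if is_dir else 0x00])  # [25] file flags: bit 1 = directory
    rec += b"\x00\x00" + _both(1, "H")        # [26:28] unit size/interleave, [28:32] volume sequence no.
    rec += bytes([len(ident)]) + ident        # [32] identifier length, [33:] identifier
    if len(rec) % 2:
        rec += b"\x00"                        # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)


def build_iso(files):
    """Constructed image: PVD at sector 16, terminator at 17, root directory at 18, file data from 19."""
    root_lba, lba = 18, 19
    records = [_dir_record(b"\x00", root_lba, SECTOR, True), _dir_record(b"\x01", root_lba, SECTOR, True)]
    data = b""
    for name, content in files.items():
        nsec = max(1, -(-len(content) // SECTOR))
        records.append(_dir_record(name.encode("ascii") + b";1", lba, len(content), False))
        data += content.ljust(nsec * SECTOR, b"\x00")
        lba += nsec
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1          # type 1 = primary volume descriptor
    pvd[80:88] = _both(lba)                            # volume space size in sectors
    pvd[120:124], pvd[124:128] = _both(1, "H"), _both(1, "H")
    pvd[128:132] = _both(SECTOR, "H")                  # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1     # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + b"".join(records).ljust(SECTOR, b"\x00") + data


def list_root(image):
    """Walk the root directory named by the PVD. Reads ISO 9660 level-1 names only (no Joliet)."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image")
    block = struct.unpack("<H", pvd[128:130])[0]
    root = pvd[156:190]
    root_lba, root_len = struct.unpack("<I", root[2:6])[0], struct.unpack("<I", root[10:14])[0]
    data = image[root_lba * block:root_lba * block + root_len]
    entries, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                      # records never straddle a sector: skip zero padding
            off = (off // block + 1) * block
            continue
        rec = data[off:off + rec_len]
        ident = rec[33:33 + rec[32]]
        off += rec_len
        if ident in (b"\x00", b"\x01"):       # "." and ".."
            continue
        entries.append({
            "name": ident.decode("ascii", "replace").split(";")[0],   # drop the ";1" version suffix
            "lba": struct.unpack("<I", rec[2:6])[0],
            "size": struct.unpack("<I", rec[10:14])[0],
            "is_dir": bool(rec[25] & 0x02),
        })
    return entries


def extract(image, entry):
    """Return the raw bytes of a file entry (contiguous extent, no interleaving)."""
    start = entry["lba"] * SECTOR
    return image[start:start + entry["size"]]


def triage(image):
    """Return (executable entries in the root directory, {name: sha256}) for hash comparison with IOCs."""
    hits = [e for e in list_root(image)
            if not e["is_dir"] and os.path.splitext(e["name"].lower())[1] in EXEC_EXT]
    return hits, {e["name"]: hashlib.sha256(extract(image, e)).hexdigest() for e in hits}


# Constructed sample, not the real attachment: a fake DOS stub stands in for the dropped .com.
FAKE_COM = b"MZ" + b"\x90" * 62 + b"fake stage, constructed for this example"
SAMPLE_IMAGE = build_iso({"RFQ9736IMG.COM": FAKE_COM, "README.TXT": b"invoice attached"})

if __name__ == "__main__":
    found, digests = triage(SAMPLE_IMAGE)
    for e in found:
        print(f"executable inside image: {e['name']} ({e['size']} bytes) sha256={digests[e['name']]}")
```

For a real file, replace SAMPLE_IMAGE with the bytes read from disk; the sha256 values returned by triage are what you compare against the inner-file hashes a sandbox or MalwareBazaar reports, while the hashes listed on this page are of the outer image itself. A full triage should also walk the Joliet descriptor (type 2) and subdirectories, or simply use 7-Zip, isoinfo or pycdlib, which handle both.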

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 11:42:08 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> img 6fc0fb0beee86b750a454c80b57d9788f05e3caa6ea3b99982521cad970e81dc (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments