MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fd104b132daba5bd4935ea1c8106588519167461fa53c00c62282ece45ed587. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 7fd104b132daba5bd4935ea1c8106588519167461fa53c00c62282ece45ed587
SHA3-384 hash: 37c881c7bdd5ec8db86ff297ee5aa353c14c2d928d109450d965813223cd39db3f1429e98da6b2ae263143f7f2d2d445
SHA1 hash: 1519674e0669e706ae6a9d6713e70d148eba39c0
MD5 hash: 9ffca95b80eef63a472cddbb7c6e165c
humanhash: batman-mississippi-island-illinois
File name: Product Inquiry.gc.zip
Signature: GuLoader
File size: 45'067 bytes
First seen: 2020-06-08 09:20:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:DEpIblAf6xcH8zc3vvGdqGSV3vI5oI7XsuHGXT8qkeWbf3htJ3Ta0nME0vbtJbRw:DEMY+KPXhVSo6CkpdtpDs3O
TLSH: EA1302935C731784F0A34194B17917A1EF4D96F5C4225F128F9A2BF1DD2EF0BA619B80
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: jitesh Iyengar <jitesh@gmail.com>
Reply-To: snice7312@gmail.com
Subject: TOP URGENT...: AW: AW: Product Inquiry
Attachment: Product Inquiry.gc.zip (contains "Product Inquiry.exe")

GuLoader payload URL:
http://simayesarbedar.ir/chucksfb_DZUqBE52.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 08:42:12 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 7fd104b132daba5bd4935ea1c8106588519167461fa53c00c62282ece45ed587

(this sample)

  
Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
