MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83a24bbe8105d61bf2ad3160e023304facb73ff1346e577ec5936b61136526f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: 83a24bbe8105d61bf2ad3160e023304facb73ff1346e577ec5936b61136526f5
SHA3-384 hash: fdbfcc85f7d62bb48eed54e4011004e6b9d61bfae1322d98d244ac42426c7b1f88e9874329b6dd74603a0d65ed5fb7d0
SHA1 hash: f621d2280773cdb7e1a70d1950ded5b823a0e135
MD5 hash: 79b6797a0e04fb11d14ce75e6b2a6179
humanhash: nitrogen-potato-oranges-wolfram
File name: pharmaceutical glass bottle.zip
Signature: GuLoader
File size: 24'554 bytes
First seen: 2020-08-06 05:10:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:MUxj/5mc6TBrcxktD235yvouhMvXVc1BBNJvpfZE80K1GTxrHrpyDMfnNoO7+oFi:5K1cKFbZhaVwBzvpf+8pMxYDwKO7+Hwo
TLSH: AEB2F1EA44F6AB3EDC228B5140233E94A8D454FB1834F8018459739A241C5DCAEDEBFF
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: serve0.alibcompositeltd.pw
Sending IP: 104.168.190.254
From: F. Rabbi & Co<info@alibcompositeltd.pw>
Reply-To: <swadeshi.bsnl.co.in@gmail.com>
Subject: pharmaceutical glass bottle
Attachment: pharmaceutical glass bottle.zip (contains "Dyschiria.exe")

GuLoader payload URL:
http://zarnaftdiar.ir/chidebereeee_MMuxvBU40.bin
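
The indicators in the report above can be turned into a triage check. The Python script below is an added example and is not MalwareBazaar or abuse.ch code: it parses an e-mail, matches the Received, From, Reply-To, Subject and attachment-name values against this entry, hashes each attachment with the four digests the entry lists (so a captured file can be compared against the SHA256, SHA1 and MD5 above), and lists executable members inside a zip attachment. The message and zip it runs on are constructed for the demo (the receiving host mx.example.test and the zip contents are invented), so the demo attachment hashes will not match the real sample; the payload URL is carried only as a string and is never fetched.

```python
"""Triage an e-mail against the malspam indicators reported for this sample.

Added example, not MalwareBazaar or abuse.ch code. Indicator values are copied
from the entry; the message and zip built for the demo are constructed here and
do not contain the real GuLoader sample.
"""
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Indicators copied from the entry. The payload URL is kept for reference only.
IOC = {
    "sender_ip": "104.168.190.254",
    "helo": "serve0.alibcompositeltd.pw",
    "from_domain": "alibcompositeltd.pw",
    "reply_to": "swadeshi.bsnl.co.in@gmail.com",
    "subject": "pharmaceutical glass bottle",
    "attachment": "pharmaceutical glass bottle.zip",
    "sha256": "83a24bbe8105d61bf2ad3160e023304facb73ff1346e577ec5936b61136526f5",
    "sha1": "f621d2280773cdb7e1a70d1950ded5b823a0e135",
    "md5": "79b6797a0e04fb11d14ce75e6b2a6179",
    "payload_url": "http://zarnaftdiar.ir/chidebereeee_MMuxvBU40.bin",
}
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".dll", ".js", ".vbs", ".bat", ".cmd", ".ps1")


def hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists, so a file can be matched on any of them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def zip_executables(data: bytes) -> list:
    """Member names with executable extensions; [] when data is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []


def addr_domain(header_value) -> str:
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage(raw: bytes) -> dict:
    """Return the indicator names that matched plus per-attachment hash and zip findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    received = " ".join(str(h) for h in msg.get_all("Received", []))
    if IOC["sender_ip"] in received:
        hits.append("sender_ip")
    if IOC["helo"] in received.lower():
        hits.append("helo")
    from_dom = addr_domain(msg.get("From"))
    reply_addr = parseaddr(str(msg.get("Reply-To") or ""))[1].lower()
    if from_dom == IOC["from_domain"]:
        hits.append("from_domain")
    if reply_addr == IOC["reply_to"]:
        hits.append("reply_to")
    # Generic check, not tied to this sample: Reply-To on a different domain than
    # From is a common malspam pattern (replies land in a throwaway mailbox).
    reply_dom = reply_addr.rsplit("@", 1)[1] if "@" in reply_addr else ""
    if reply_dom and from_dom and reply_dom != from_dom:
        hits.append("reply_to_domain_mismatch")
    if str(msg.get("Subject") or "").strip().lower() == IOC["subject"]:
        hits.append("subject")

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        digests = hashes(data)
        if name == IOC["attachment"]:
            hits.append("attachment_name")
        attachments.append({
            "name": name,
            "hashes": digests,
            "hash_match": [k for k in ("sha256", "sha1", "md5") if digests[k] == IOC[k]],
            "executables": zip_executables(data),
        })
    return {"hits": hits, "attachments": attachments}


def build_demo_email() -> bytes:
    """Constructed message mirroring the reported headers. The zip holds a harmless
    placeholder named like the reported inner file, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Dyschiria.exe", b"placeholder, not the real GuLoader executable")
    msg = EmailMessage()
    msg["Received"] = ("from serve0.alibcompositeltd.pw ([104.168.190.254]) "
                       "by mx.example.test; Thu, 6 Aug 2020 05:10:23 +0000")
    msg["From"] = "F. Rabbi & Co <info@alibcompositeltd.pw>"
    msg["Reply-To"] = "<swadeshi.bsnl.co.in@gmail.com>"
    msg["Subject"] = "pharmaceutical glass bottle"
    msg.set_content("Please see the attached specification.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="pharmaceutical glass bottle.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_demo_email()), indent=2))
```

Run it directly to see the report for the demo message, or pass the bytes of a captured .eml to triage(). On the demo the header and attachment-name indicators all fire and the zip member Dyschiria.exe is flagged, while hash_match stays empty because the placeholder zip is not the real file; a real capture of this attachment would match on all three of sha256, sha1 and md5.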

Intelligence


File Origin
# of uploads: 1
# of downloads: 107
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-08-05 18:02:22 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
File: zip 83a24bbe8105d61bf2ad3160e023304facb73ff1346e577ec5936b61136526f5 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
