MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 864c6b77d44e44018f0d4002c85f844b42bfb6f1e5061710ba4dadd3cf35f83c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 864c6b77d44e44018f0d4002c85f844b42bfb6f1e5061710ba4dadd3cf35f83c
SHA3-384 hash: a9a92aaa74fe35dbbaf5e54e2ce36a1d5ef1d915f60afde31cd19c6e7adddafd02af041ade80975a3b7f0d0c86e7d54e
SHA1 hash: 556ca10efe7a6a1485b7ca99230b04b9053cf298
MD5 hash: d876d697d36d53a16330fec6181c1429
humanhash: arkansas-neptune-hot-quiet
File name: petronas requests.zip
Signature: GuLoader
File size: 46'099 bytes
First seen: 2020-06-02 11:17:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:CXoLdQFcX6+Dklv0a8AWSsElaRHVwvcKH3Uo0Fb3GW2XZi5rfX:jLSFwklv0a8AWSMRHGv/3sJ3GWas5rv
TLSH: 9523F1737E39AB2986B531A4615F3ACB2CA7D335BCF6278E607961801F1F3D8586060D
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

From: Zahira Sughra - petronas <Zahira.zarrinudin@petronas.com>
Reply-To: Petronas Malaysia <petronas@representative.com>
Subject: Fw: Request for Quotations
Attachment: petronas requests.zip (contains "petronas requests.exe")

GuLoader payload URL:
http://mexiwoodstudios.com/a1/bindonmaster_MULDAVU199.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 14:43:23 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 864c6b77d44e44018f0d4002c85f844b42bfb6f1e5061710ba4dadd3cf35f83c (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments