MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e33cf7fa742d4e2a09f17363ecc1202d73f171bdb4ee57ec885ecd6e47dd0fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e33cf7fa742d4e2a09f17363ecc1202d73f171bdb4ee57ec885ecd6e47dd0fa
SHA3-384 hash: fbcaa1ad5fb0503dc863cc8a414c049597f5bd30ed58f1ebc6694a23966192aef80cb1a55608f9201a53980bf310f1ee
SHA1 hash: 15b9ffd3cc0d080c05216b2b73941b83617d1593
MD5 hash: fddf2e26f0bcf1e467da8f8fe6380b6f
humanhash: thirteen-yankee-vegan-shade
File name:REF_Request For Quotation Details_Rev1.img
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'245'184 bytes
First seen:2020-10-09 06:15:32 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 768:LPaUcuLunkgEarF7igAzH0p9BS/5QNzlJF:7Su7Farcg0HES/C
TLSH 50456C12F26D51B3F19392B14B67DBA4A6B2FD2419114F07368C3B2E0F36B88DD9125E
Reporter abuse_ch
Tags:geo GuLoader img KOR


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: linux.avaserver.com
Sending IP: 95.217.137.242
From: 김병준 <bkim@hec-co.kr>
Reply-To: 김병준 <bkim@hec-co.kr>
Subject: RFQ For Canada New Energy Plant Project
Attachment: REF_Request For Quotation Details_Rev1.img (contains "DOOH.exe")

GuLoader payload URL:
http://iykemorelinkrtyu.webredirect.org/uploud//5bab0b1d864615bab0b1d864b3/bin_obboX16.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e33cf7fa742d4e2a09f17363ecc1202d73f171bdb4ee57ec885ecd6e47dd0fa/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-09 00:37:21 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ryz4675hilkofie7c43d5tasallt6fy33nhok7wiqxwnnzd52d5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e33cf7fa742d4e2a09f17363ecc1202d73f171bdb4ee57ec885ecd6e47dd0fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 8e33cf7fa742d4e2a09f17363ecc1202d73f171bdb4ee57ec885ecd6e47dd0fa

(this sample)

GuLoader

Executable exe fce8a94adda657c79b4fbe7b2b4ef4062d27b0c15108b23ae6cb9dc545a267f8

  
URLhaus
https://urlhaus.abuse.ch/url/673362/
  
Dropping
MD5 b73eb297795a8846ad2c824cd06712bb
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fce8a94adda657c79b4fbe7b2b4ef4062d27b0c15108b23ae6cb9dc545a267f8

Comments