MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 960c94a921f8be7180ba83e1f2a749b2c9662db98f0e6d9ce3ae547fb2b44694. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 960c94a921f8be7180ba83e1f2a749b2c9662db98f0e6d9ce3ae547fb2b44694
SHA3-384 hash: fb8d52cd21d7bafd19e06507a1b0af1669d682411c3bb503cc95f1401f8c957ebbb6b60c8b8ff15899b72f0a95a68a6d
SHA1 hash: 7b4de39335760b47731572d510db180264b2b649
MD5 hash: 263912904a4eaed3a366a2ce1fa38b20
humanhash: pluto-winner-football-potato
File name: Rhourde El Baguel LPG Extraction Plant REBProject Rev 1.0.Pdf.img
Signature: GuLoader
File size: 155'648 bytes
First seen: 2020-05-26 09:01:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:Ospe6TUhW6I31UJClc4u+eyE5E5OoIKY:zdA4/U0lc4u9yE5EOoIKY
TLSH: 11E308619BF87DB4F8F54FF15C7142188423BC620C669A0B30CE752E5B33E949A7272A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: mail.bgesoaeg.ml
Sending IP: 64.52.175.209
From: Seok-eun Choi<seokeun.choi@daewooenc.com>
Subject: [Rhourde El Baguel (REB) LPG Korea Plant / Algeria] Request for Quotation
Attachment: Rhourde El Baguel LPG Extraction Plant REB Project Rev 1.0.Pdf.img (contains "Rhourde El Baguel LPG Extraction Plant (REB Project) Rev 1.0.Pdf.exe")

GuLoader payload URL:
http://ogee2020.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/bin_Xbibtw24.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 09:37:07 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img 960c94a921f8be7180ba83e1f2a749b2c9662db98f0e6d9ce3ae547fb2b44694 (this sample)

Dropping
GuLoader

Delivery method
Distributed via e-mail attachment

Comments