MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3ed01094c8ae9a40d01dced96c540cca8744c0c006947609b42d6d4153a2ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: a3ed01094c8ae9a40d01dced96c540cca8744c0c006947609b42d6d4153a2ea5
SHA3-384 hash: d2562dc4d7fd48dd55fa36f1f6ac2496b97225593f0dd964d062a3511fecf3477bb0ee4cc6abcf894f397d933fb2afdd
SHA1 hash: efeb666ea0acaf789953db44e0fd53dc6b2b554a
MD5 hash: 0d43e89bd246992428ae9db01ec04ee4
humanhash: sodium-twelve-spring-magazine
File name: RTF-B00.zip
Signature: GuLoader
File size: 91'894 bytes
First seen: 2020-06-02 11:20:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:FbyY9gBows35mNn2BD9RDYBCWabyY9gBows35mNn2BD9RDYBCWH:5yqEh4RmUyqEh4Rm5
TLSH: 519302364F407A10F8294673A3526A873D5F9C2990ADA154472F77EA472ED9BF23CDC0
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.qsg-sc.com
Sending IP: 45.95.168.248
From: Ahmed Ali <sales002@jiashuiaparty.com>
Subject: AW: Quote Attached
Attachment: RTF-B00.zip (contains "RTF-B001.pdf.......................................................................pif")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/bb_yzZdAN97.bin
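The attachment in the report above hides a .pif executable behind a document-looking prefix and a long run of dots, so that a mail client or file manager with a narrow name column shows only "RTF-B001.pdf". The Python script below is an added example, not part of the reporter's comment or of MalwareBazaar: it hashes a ZIP attachment and every member in memory (nothing is extracted to disk or executed) and flags member names that use this trick. The archive it inspects is constructed inside the script (one name modelled on the reported attachment plus a benign placeholder); it is not the real RTF-B00.zip, and the extension lists and padding threshold are the example's own assumptions, not a MalwareBazaar rule set.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows runs directly on double-click (assumed list, extend as needed).
EXEC_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
             "wsf", "wsh", "hta", "lnk", "cpl", "msi", "ps1"}
# Extensions an attacker puts first so the name looks like a document (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
# Eight or more consecutive dots/spaces: enough to push the real extension out of view.
PADDING_RE = re.compile(r"[. ]{8,}")


def classify_name(name: str) -> list:
    """Return the reasons a member file name looks like a disguised executable."""
    reasons = []
    base = name.rsplit("/", 1)[-1]                 # ignore directories inside the archive
    parts = [p for p in base.lower().split(".") if p]  # drop empty pieces from dot runs
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXEC_EXTS:
        reasons.append(f"executable extension .{ext}")
        if any(p in DECOY_EXTS for p in parts[:-1]):
            reasons.append("decoy document extension before the real one")
    if PADDING_RE.search(base):
        reasons.append("long dot/space padding hides the real extension")
    return reasons


def triage_zip(data: bytes) -> dict:
    """Hash the archive and inspect each member without writing anything to disk."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)  # fine for mail-sized attachments; cap file_size in production
            report["members"].append({
                "name": info.filename,
                "size": info.file_size,
                "sha256": hashlib.sha256(content).hexdigest(),
                "sha1": hashlib.sha1(content).hexdigest(),
                "reasons": classify_name(info.filename),
            })
    report["suspicious"] = any(m["reasons"] for m in report["members"])
    return report


def build_sample_zip() -> bytes:
    """Constructed test archive (not the real RTF-B00.zip) that mimics the naming trick."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Name modelled on the reported attachment: document prefix, long dot run, .pif at the end.
        zf.writestr("RTF-B001.pdf" + "." * 70 + "pif", b"MZ" + b"\x00" * 64)
        zf.writestr("invoice.pdf", b"%PDF-1.4 constructed benign placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip(build_sample_zip())
    print(f"archive sha256: {report['sha256']}  suspicious={report['suspicious']}")
    for m in report["members"]:
        flag = "SUSPICIOUS" if m["reasons"] else "ok"
        print(f"{flag:10} {m['name'][:40]:40} {m['sha256'][:16]}  {'; '.join(m['reasons'])}")
```

Run it directly to print the per-member report. In a mail gateway or triage pipeline the member hash is the one worth looking up, since the hashes listed on this page describe the outer zip, not the .pif inside it, and the same inner executable can be re-wrapped in many differently hashed archives.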

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-02 09:41:45 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip a3ed01094c8ae9a40d01dced96c540cca8744c0c006947609b42d6d4153a2ea5 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments