MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aecf814722f6ccacfc9c54ae82665e8cac44f0b660032d5c4a94ba8ab2d8dade. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: aecf814722f6ccacfc9c54ae82665e8cac44f0b660032d5c4a94ba8ab2d8dade
SHA3-384 hash: a3331623a7bc84efe2edede9a8e2c5631e17f825b7b6443696521e54bdf5ac2b12fb5d80429e0eef108a5cc748e06f7c
SHA1 hash: 960d36c136f18d7aaa7b78ee39767c89ecd7a88c
MD5 hash: dcedf4d413f00ca2ea82e5b507456e1d
humanhash: beer-paris-romeo-magnesium
File name: Draft_B096122_images.rar
Signature: GuLoader
File size: 33'321 bytes
First seen: 2020-06-10 12:34:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:5om4Mw/wrAuw+iRtnAURzb2DBrc2vWjoXI7FUjVLRlSdd0wj:5ro1ujUtntpirc2ekXAF8Rg/0wj
TLSH: 69E2E1B81244189EC1FF73A2ED2D62D7746610E210AE7CA2A6CD7722D4E3CDC82757D5
Reporter: abuse_ch
Tags: geo GuLoader KOR rar


abuse_ch
Malspam distributing GuLoader:

HELO: 061001.novalocal
Sending IP: 45.147.162.21
From: Jason Bourne <admin@moenepa.tk>
Subject: 回复: 回复: New Order for CAMC 6x4 tractor parts
Attachment: Draft_B096122_images.rar (contains "Draft_B096122_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1fJIgOWmXE6M1Uys_fzsb1JFobWD7UCi8

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 12:36:15 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar aecf814722f6ccacfc9c54ae82665e8cac44f0b660032d5c4a94ba8ab2d8dade (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
