MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b12700db3361206e05228f257123e1eff27f59bf33c589c69c81c6ba2c52f64d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: b12700db3361206e05228f257123e1eff27f59bf33c589c69c81c6ba2c52f64d
SHA3-384 hash: 440794577c6193e434dfa1ed31209684899acaacbf55d50c07939d2637ed18d7f2f99efa62c5756f359d18dd7d53afae
SHA1 hash: d4d5903e954b8c392deb91085db4bf81566b67a4
MD5 hash: 1301168b6ec62fd0c083fcaf4388d905
humanhash: fruit-speaker-spring-one
File name: DHL DOCUMENT.z
Signature: GuLoader
File size: 24'800 bytes
First seen: 2020-08-13 11:34:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:HVOiZT5nLwHCRh1uRB7Ke9t0cktQbe29t3xGP5qnLNDo6L7XH9Im:HMiFuOkR7fnj9VxGPgLNf7NIm
TLSH: CDB2D05674E9D2E6EF0A7578B5B8A0752B2A614106063E18AC3D3B9C58267ACDFC8834
Reporter: abuse_ch
Tags: DHL GuLoader z


abuse_ch
Malspam distributing GuLoader:

HELO: server.cnrhosting.net
Sending IP: 89.252.184.23
From: DHL Express <dhlSender@dhl.com>
Reply-To: Dr.robinbraun@outlook.com
Subject: Fwd: RE: DHL EXPRESS AWB 6916376714
Attachment: DHL DOCUMENT.z (contains "DHL DOCUMENT.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1t0BLVtYnb_pcoESBFR6IhAevGCUAzDf5

Intelligence

File Origin
# of uploads: 1
# of downloads: 145
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-08-13 10:10:42 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip b12700db3361206e05228f257123e1eff27f59bf33c589c69c81c6ba2c52f64d (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
