MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b240248c67f20157251e576e91575623b4d6c36ea4197eb272c3bcc490d0a5ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: b240248c67f20157251e576e91575623b4d6c36ea4197eb272c3bcc490d0a5ef
SHA3-384 hash: 3d08881ade68cb11d917761636d0826d70046c095ad7152daceb6e4244ee7a23ef6a5966e9ebea0c2d59e1e228eac32b
SHA1 hash: 455d077a9bd497ecd94f6b0394d14cb302403e9c
MD5 hash: be204386807de99e5b6925655d46035f
humanhash: network-pluto-sad-seventeen
File name: Order8062020_pdf.zip
Signature: GuLoader
File size: 47'497 bytes
First seen: 2020-06-08 12:12:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:BMUcu1hZsObjwqGg7m9RehhaM+AQFPiPCidxDVOk6OusnZrFZ6GREtqv:BMUVgUgFfeh8M+LOndJVOkA25Zum
TLSH: 4223021DAC0A029C14A77F2DC783FD461DA68A8F3536CD4E40E8A526E2EF5A1F3B1D51
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: lucky1.263xmail.com
Sending IP: 211.157.147.135
From: Sales <qiantai@bjfhatc.com>
Subject: New Order (top urgent)
Attachment: Order8062020_pdf.zip (contains "Order8062020_pdf.exe")

GuLoader payload URLs:
http://srconstruct.in/wp-content/themes/wowmag/biggrc_lmlGcQ226.bin
http://javreyb-001-site3.ftempurl.com/wp-content/themes/wowmag/biggrc_lmlGcQ226.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 12:14:08 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip b240248c67f20157251e576e91575623b4d6c36ea4197eb272c3bcc490d0a5ef (this sample)
Dropping
GuLoader

Delivery method: Distributed via e-mail attachment
