MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6
SHA3-384 hash: adac68a23b039c7189aaacc3ea7ee41d63838b8da5a8f71dbe35125de2db8d57e351004e926969ae8f4a16057d6a7d92
SHA1 hash: 6d733d5cf5a62405f0760d6071cb7478c3269586
MD5 hash: 449941db7f6f1974a9e84dd2ffb09825
humanhash: tennis-carbon-juliet-fix
File name: New supplier Inquiry and PO 080720545_ DOC.uu
Signature: GuLoader
File size: 23'638 bytes
First seen: 2020-08-18 06:24:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:QGVvIn0fN8ddIYSl9ESmsJTHdCr19CivO3unRhY6Zr:NHfN8TFSMjsJhoywMaRhrZr
TLSH: 51B2E1E87429637801D53258B0C7E5E907239EEA15D01BF41A33B94A0DFBA6EF01ADD1
Reporter: abuse_ch
Tags: GuLoader uu


abuse_ch
Malspam distributing GuLoader:

HELO: smtp.aonbd.net
Sending IP: 117.58.240.41
From: Purchase Vertex Safety A.S <suzetrey@netvision.net.il>
Subject: Re: New Supplier Inquiry Vertex Safety TR Fluids/ Industrial Materials
Attachment: New supplier Inquiry and PO 080720545_ DOC.uu (contains "New supplier Inquiry and PO 080720545_ DOC.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=840D3B1CBE15D5F3&resid=840D3B1CBE15D5F3%21105&authkey=AE3W0A_GASV9p1g
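
The attachment in the report above is a uuencoded container whose inner file is a Windows executable with a " DOC.exe" decoy name. As an added example (not MalwareBazaar's or the reporter's code), the script below triages such an attachment offline: it sniffs the container type first, because this entry carries a .uu file name but a rar file type and a uudecoder would choke on a RAR archive; it then decodes the uuencode, recovers the embedded file name, checks for the MZ header and the document-token-before-executable-extension naming trick, hashes both the container and the payload, and compares the hashes against a known-bad set seeded with this entry's SHA256. The .uu sample inside the script is constructed (a 12-byte fake DOS header wrapped in the file name quoted in this entry), not the real attachment, and KNOWN_BAD_SHA256, Triage and triage_attachment are this example's own names.

```python
"""Offline triage of a uuencoded (.uu) mail attachment.

Added example for this MalwareBazaar entry; it is not MalwareBazaar's or
abuse.ch's code. Container sniffing, uudecode, decoy-name and MZ checks,
and hash comparison against a known-bad set.
"""
import binascii
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# SHA256 of the .uu container as listed on this page (container, not the inner .exe).
KNOWN_BAD_SHA256 = {"b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6"}

RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5 signatures
UU_BEGIN = re.compile(rb"^begin ([0-7]{3,4}) (.+)$", re.M)   # "begin <mode> <name>"

EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar")
DECOY_TOKENS = {"doc", "docx", "pdf", "xls", "xlsx", "rtf", "txt"}


@dataclass
class Triage:
    container_type: str
    container_sha256: str
    inner_name: Optional[str] = None
    mode: Optional[str] = None
    payload: bytes = b""
    payload_sha256: Optional[str] = None
    is_pe: bool = False
    decoy_name: bool = False
    flagged: bool = False
    notes: List[str] = field(default_factory=list)


def sniff_container(data: bytes) -> str:
    """Decide by content, not by extension: a .uu-named file may really be a RAR."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if UU_BEGIN.search(data):
        return "uu"
    return "unknown"


def decode_uu(data: bytes) -> Tuple[str, str, bytes]:
    """Return (mode, name, payload); tolerates junk before 'begin' and blank lines."""
    m = UU_BEGIN.search(data)
    if not m:
        raise ValueError("no 'begin' header")
    mode = m.group(1).decode()
    name = m.group(2).decode("latin-1").rstrip("\r")
    payload = bytearray()
    for raw in data[m.end():].splitlines():
        line = raw.rstrip(b"\r")
        if line == b"end":
            break
        if not line:
            continue
        # One uuencoded line: length char, then 4 chars per 3 bytes; '`' and ' ' both encode zero.
        payload += binascii.a2b_uu(line)
    else:
        raise ValueError("no 'end' trailer")
    return mode, name, bytes(payload)


def looks_like_decoy_name(name: str) -> bool:
    """'... DOC.exe' or 'invoice.pdf.exe': a document token right before an executable extension."""
    lower = name.lower()
    ext = next((e for e in EXEC_EXTS if lower.endswith(e)), None)
    if ext is None:
        return False
    tokens = [t for t in re.split(r"[^a-z0-9]+", lower[: -len(ext)]) if t]
    return bool(tokens) and tokens[-1] in DECOY_TOKENS


def triage_attachment(data: bytes, known_bad=KNOWN_BAD_SHA256) -> Triage:
    t = Triage(container_type=sniff_container(data),
               container_sha256=hashlib.sha256(data).hexdigest())
    t.flagged = t.container_sha256 in known_bad
    if t.container_type == "rar":
        t.notes.append("RAR archive despite .uu naming; extract with an archiver, not a uudecoder")
        return t
    if t.container_type != "uu":
        t.notes.append("unrecognised container")
        return t
    t.mode, t.inner_name, t.payload = decode_uu(data)
    t.payload_sha256 = hashlib.sha256(t.payload).hexdigest()
    t.is_pe = t.payload[:2] == b"MZ"
    t.decoy_name = looks_like_decoy_name(t.inner_name)
    t.flagged = t.flagged or t.payload_sha256 in known_bad or (t.is_pe and t.decoy_name)
    if t.is_pe:
        t.notes.append("payload starts with MZ: Windows executable")
    if t.decoy_name:
        t.notes.append("decoy name %r: document token before executable extension" % t.inner_name)
    return t


# Constructed sample (not the real attachment): the inner file name from this entry
# wrapping a 12-byte fake DOS header (MZ, e_cblp=0x90, e_cp=3, e_crlc=0, e_cparhdr=4).
SAMPLE_UU = b"""begin 644 New supplier Inquiry and PO 080720545_ DOC.exe
,35J0``,````$````
`
end
"""

if __name__ == "__main__":
    r = triage_attachment(SAMPLE_UU)
    print(r.container_type, r.inner_name, r.payload_sha256, "flagged" if r.flagged else "clean")
    for n in r.notes:
        print(" -", n)
```

Two points the page itself hints at: the hashes MalwareBazaar lists are for the submitted container, so a match on the inner executable needs its own lookup, which is why the script hashes both layers; and the rar file type against a .uu name means the first step in any handler should be content sniffing rather than trusting the extension.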

Intelligence

File Origin
# of uploads: 1
# of downloads: 238
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-08-18 06:26:08 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The information below shows how this sample was delivered and what it is related to (delivery method, dropping relationships and external references).

Relationships:
Malspam -> GuLoader: rar b7842e1be9570c68703eb39f52108fb03cc55a110b3fa349852b9dc0d9ac08c6 (this sample)
This sample -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments