MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b80ff7bfa533e3e46e48b5898b9ba3ee06e54cd8734eceda1c9fe29283547bd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b80ff7bfa533e3e46e48b5898b9ba3ee06e54cd8734eceda1c9fe29283547bd4
SHA3-384 hash: 8de194537a04d88f30cb224de6bd3bce3f225b2d6074448baffa7822172044f6ab684ffd424e5b2ac9471527ced242d7
SHA1 hash: 587d8f7c333707859fa4710067011f4acd0b1cbb
MD5 hash: 6ae83a160674ba23c390a4a381ef49af
humanhash: jupiter-five-hot-minnesota
File name:BMG BUND.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:19'739 bytes
First seen:2021-03-03 07:40:20 UTC
Last seen:2021-03-05 14:41:30 UTC
File type: zip
MIME type:application/zip
ssdeep 384:yhjR3Z8cOqvBeX9Xd3E7B2SOMzBOvBDY3cp1e3K61B2h/Q7dQFrcPc8SCs/2T15j:6jR3Z8cO2BeX/3EtQDLpSK61B2haCwE8
TLSH E192D055E53962BE82ABAC2FD1163DD814CBEE30901FA6591C141B3EAB4F063CF2852D
Reporter abuse_ch
Tags:DEU geo GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: server.zullenergy.com
Sending IP: 50.7.155.26
From: Jens Spahn <jens.spahn@bmg.bund.de>
Reply-To: k1@ecg-ingenieria.mx
Subject: Federal Ministry of Health Germany
Attachment: BMG BUND.zip (contains "BMG BUND.exe")

GuLoader payload URL:
https://01677937777.burrow.io/spark/bin-ups00_cHKimre249.bin

Intelligence

File Origin
# of uploads :
3
# of downloads :
244
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.31339.15175.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b80ff7bfa533e3e46e48b5898b9ba3ee06e54cd8734eceda1c9fe29283547bd4/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-03-03 07:40:34 UTC
AV detection:
22 of 27 (81.48%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xah7pp5fgpr6i3siwweyxg5d5ydoktgyonhm5wq4t7rjfa2uppka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/b80ff7bfa533e3e46e48b5898b9ba3ee06e54cd8734eceda1c9fe29283547bd4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip b80ff7bfa533e3e46e48b5898b9ba3ee06e54cd8734eceda1c9fe29283547bd4

(this sample)

GuLoader

Executable exe a08f5c471f8b45f5936e088bd2834697d41df69ecc777d7e4797283471a93f96

  
URLhaus
https://urlhaus.abuse.ch/url/1043813/
  
Dropping
MD5 47ad34d64e3d6b71904310bf9572234b
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a08f5c471f8b45f5936e088bd2834697d41df69ecc777d7e4797283471a93f96

Comments