MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
SHA3-384 hash: e25896859ec368b643f39b2395a57e2210eb1ff6396b10157b89e792f654bad04a1a1620d48e9f18c180938e0bd7b12b
SHA1 hash: 0c337e1a8cf328da638fc196af6de8d60cf986a9
MD5 hash: 59bff78a767cc8ee15c0a360be17c142
humanhash: florida-beryllium-lake-high
File name: shipping doc.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-06-08 12:05:01 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 07d60654b09190a026a0d523cd7f0f02 (1 x GuLoader)
ssdeep: 768:hFysfNpuRnnPilTjATM9Rygjddl6pTkRXQJtEWx4Be3KOBnwHzfgtIcmg/7:hFysFY6TjMqRFEp0goKKyGg/7
Threatray: 813 similar samples on MalwareBazaar
TLSH: 9773AE036804F551F14183B1EE938B8567175E293D82DE8B76997EAFBDF838219E021F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: dd42314.kasserver.com
Sending IP: 85.13.157.240
From: ruediger@aachtal-apotheke.de
Subject: Re: Shipping doc/Inv 65655
Attachment: shipping doc.zip (contains "shipping doc.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 09:19:05 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397 (this sample)

Delivery method: Distributed via e-mail attachment
