MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8d28e16d22608e1d33387500fbc57dabb657db75b68150d6c6593c323d40af0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: b8d28e16d22608e1d33387500fbc57dabb657db75b68150d6c6593c323d40af0
SHA3-384 hash: a8ed7318eee44b8624ac500c6dd4b1c547a8bafeb26e33557ab794bf5df95c363fa083d0a4d2e1e9b05fc26c67a7b18e
SHA1 hash: 9ad8a82b1da42d35e745f609e2831631bfa38b07
MD5 hash: 7d18a4c89f87a5546c343ebf636fa886
humanhash: violet-arkansas-enemy-glucose
File name: TR-D45.pdf.rar
Signature: GuLoader
File size: 25,016 bytes
First seen: 2020-11-20 07:49:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:KXMG32ZevaZbqs0U1dBRySJYaCIp2aupx0DDR:AB/aZbqs0U1dBRySJYRB+DR
TLSH: 31B2D1BB5881ABE0B6DE22F43DD2C286604395ED56308BA255F8BE5A31C146C38725AD
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: ygw4.ni.net.tr
Sending IP: 159.253.40.124
From: info@ynsreksan.com.tr
Subject: Re:Quotation Update Request
Attachment: TR-D45.pdf.rar (contains "TR-D45.pdf.exe")

GuLoader payload URL:
https://pilatescollective.com/myguy/Edog_WaRWObtLyf156.bin
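
The indicators in this entry (the three file hashes, the mail headers in the reporter's comment, the double-extension attachment name and the payload host) are enough for a small triage script. The Python below is an added example, not code from MalwareBazaar or abuse.ch: the mail-gateway log format and the log lines it parses are constructed here for illustration, and the hash check runs against constructed bytes because the sample itself is not on the page. The extension classes used to spot the "document.pdf.rar" / "document.pdf.exe" lure pattern are the author's own choice, not part of the entry.

```python
"""Triage helpers built from the IOCs in the MalwareBazaar entry above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the entry and from the reporter's comment above.
IOC_HASHES = {
    "sha256": "b8d28e16d22608e1d33387500fbc57dabb657db75b68150d6c6593c323d40af0",
    "sha1": "9ad8a82b1da42d35e745f609e2831631bfa38b07",
    "md5": "7d18a4c89f87a5546c343ebf636fa886",
}
IOC_HELO = "ygw4.ni.net.tr"
IOC_SENDING_IP = "159.253.40.124"
IOC_SENDER_DOMAIN = "ynsreksan.com.tr"
IOC_ATTACHMENT = "TR-D45.pdf.rar"
IOC_PAYLOAD_HOST = "pilatescollective.com"

# Extension classes (author's assumption, not from the entry) used to spot the lure
# pattern: a document extension followed by an archive or executable extension,
# as in TR-D45.pdf.rar (outer layer) and TR-D45.pdf.exe (file inside the archive).
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1"}
ARCHIVE_EXTS = {"rar", "zip", "7z", "iso", "img", "gz"}

# Constructed mail-gateway log in an invented 'ts key=value ...' format.
# The first line mirrors the reporter's headers; the third is a different lure.
MAIL_LOG = """\
2020-11-20T07:41:02Z helo=ygw4.ni.net.tr ip=159.253.40.124 from=info@ynsreksan.com.tr subject="Re:Quotation Update Request" attachment=TR-D45.pdf.rar
2020-11-20T07:43:17Z helo=mail.example.net ip=203.0.113.9 from=alice@example.net subject="Lunch" attachment=menu.pdf
2020-11-20T07:44:55Z helo=mx.example.org ip=198.51.100.24 from=bob@example.org subject="Invoice" attachment=Invoice-2211.pdf.exe
"""


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a blob, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hashes_match_ioc(hashes: dict) -> list:
    """Names of the algorithms whose digest equals the entry's digest."""
    return [alg for alg, digest in IOC_HASHES.items() if hashes.get(alg, "").lower() == digest]


def classify_attachment_name(name: str) -> str:
    """Classify a file name by its last two extensions.

    'document-in-archive' -> x.pdf.rar, 'document-masquerade' -> x.pdf.exe,
    otherwise 'archive', 'executable' or 'benign'.
    """
    parts = name.lower().split(".")
    if len(parts) < 2:
        return "benign"
    last = parts[-1]
    inner = parts[-2] if len(parts) >= 3 else None
    if last in EXEC_EXTS:
        return "document-masquerade" if inner in DOC_EXTS else "executable"
    if last in ARCHIVE_EXTS:
        return "document-in-archive" if inner in DOC_EXTS else "archive"
    return "benign"


def url_is_ioc(url: str) -> bool:
    """True when the URL's host is the payload host from the reporter's comment."""
    return (urlparse(url).hostname or "").lower() == IOC_PAYLOAD_HOST


def parse_log_line(line: str) -> dict:
    """Split 'ts key=value key="quoted value" ...' (constructed format) into a dict."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', rest)}
    fields["ts"] = ts
    return fields


def scan_mail_log(log: str) -> list:
    """Return [(timestamp, [reasons])] for records that hit the entry's IOCs or the lure pattern."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_log_line(line)
        reasons = []
        if rec.get("helo") == IOC_HELO:
            reasons.append("helo")
        if rec.get("ip") == IOC_SENDING_IP:
            reasons.append("sending_ip")
        if rec.get("from", "").rpartition("@")[2].lower() == IOC_SENDER_DOMAIN:
            reasons.append("sender_domain")
        attachment = rec.get("attachment", "")
        if attachment == IOC_ATTACHMENT:
            reasons.append("attachment_name")
        kind = classify_attachment_name(attachment)
        # Plain archives and executables are too common to flag on name alone;
        # only the document-plus-second-extension lure is reported.
        if kind in ("document-in-archive", "document-masquerade"):
            reasons.append(kind)
        if reasons:
            hits.append((rec["ts"], reasons))
    return hits


if __name__ == "__main__":
    for ts, reasons in scan_mail_log(MAIL_LOG):
        print(ts, ", ".join(reasons))
    # The real sample is not embedded here, so this constructed blob cannot match.
    print("hash match:", hashes_match_ioc(hash_bytes(b"constructed placeholder, not the sample")))
```

Exact MD5/SHA1/SHA256 matching only catches this precise archive; a repacked or re-encrypted GuLoader dropper will have different digests, which is why the entry also carries ssdeep and TLSH fuzzy hashes (not implemented above, since they need the ssdeep and tlsh libraries). Header indicators such as the HELO name and sending IP age quickly, so the attachment-name classifier is the part of this script most likely to stay useful.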

Intelligence


File Origin
# of uploads: 1
# of downloads: 235
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a PE binary can be suspicious or malicious.
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-11-20 07:50:08 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar b8d28e16d22608e1d33387500fbc57dabb657db75b68150d6c6593c323d40af0 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments