MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baccdcb2bf9fdae061f43fd3106975b8dd1074537abcb73e48456c10fbb1efc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3



SHA256 hash: baccdcb2bf9fdae061f43fd3106975b8dd1074537abcb73e48456c10fbb1efc1
SHA3-384 hash: cc4190dd5334f997aa405b6a6cf7c2515dba7cb30d567d8687a296e7ad91274e2b68da15e77c2e5ec1a38a46a7475190
SHA1 hash: 87264b298400bfaeae3a6f20f4085f2d36f795bd
MD5 hash: 3019d958eb87d5048a7329bccf69cdb0
humanhash: alanine-sodium-orange-beryllium
File name: Shipping Documents INV,PL,BL_pdf.rar
Signature: GuLoader
File size: 25'479 bytes
First seen: 2020-11-20 07:46:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:rKcT28duATJ/mvpm+I44btyNNa80nR1JGP:Xfevpm+IHb6IDn9E
TLSH: 08B2F14A1FAF7C3DC644A3A0429BB9A3AF4201CDE4C89B6FE39A0B11645929071018DF
Reporter: abuse_ch
Tags: DHL GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: zoz0.213.xzov.ml
Sending IP: 159.89.99.175
From: DHL Support <support@dhl.com>
Subject: SHIPPING DOCUMENT
Attachment: Shipping Documents INV,PL,BL_pdf.rar (contains "Shipping Documents (INV,PL,BL)_pdf.exe")

GuLoader payload URL:
https://lifeandhealth.com.mx/graceofgod/Kalied_fAAOrhVS181.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 213
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-11-20 07:47:03 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar baccdcb2bf9fdae061f43fd3106975b8dd1074537abcb73e48456c10fbb1efc1 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments