MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be54c119fb6d4aa9f9e413aaba88061c9ae39029ebda0395f1fe06e87e805132. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: be54c119fb6d4aa9f9e413aaba88061c9ae39029ebda0395f1fe06e87e805132
SHA3-384 hash: 469133af3549f6a58dbfb342161eb8969e69e7af0a7f2a9c12a2dd8b23b2fe6aeb0e27f65e2b8ceb9b045fbb0dfb3fe6
SHA1 hash: cedda1e2d588b2ad83992f33299e4fe60e0dc923
MD5 hash: f328276a105178e55acd896aaffe9d42
humanhash: five-mirror-island-london
File name: Quotation_76873342_98045300.rar
Signature: GuLoader
File size: 44'421 bytes
First seen: 2020-06-08 09:19:55 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:Z5ars0xcfpAThIPlDm6c+HNjIdbCp41oneafkiThf4Ngrriua4vRs:ZQrRcBAT6PlDm6pHMbHonfceIgrriu5O
TLSH: 7713F147237254C02C6E502BA7B0C7EBBFD0A0097592F470ED2B4B4B852609AA577CE9
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: Info<info@gmail.com>
Reply-To: snice7312@gmail.com
Subject: RE:Quotation_76873342_98045300
Attachment: Quotation_76873342_98045300.rar (contains "Quotation_76873342_98045300.exe")

GuLoader payload URL:
http://simayesarbedar.ir/CHUCKS%20LOGGER_TxYyY251.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 06:27:40 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar be54c119fb6d4aa9f9e413aaba88061c9ae39029ebda0395f1fe06e87e805132 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
