MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bef0c6137985861808c8c570e80a26501d3c5ebcbb4656058c1c31b96255cb4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: bef0c6137985861808c8c570e80a26501d3c5ebcbb4656058c1c31b96255cb4f
SHA3-384 hash: 46548ab29cd64c0f6e4275fd6d645fd25d7c82fa8cf040db7b1cb2788ba29bd66e5661525665fb5992c597faeca068ad
SHA1 hash: cfb14597e10aaeb4489fa5dc63bc3c510a7010bd
MD5 hash: 219ed3903e9a7d439f240157fa05dca5
humanhash: wolfram-triple-july-papa
File name: REMITTANCE.Xxe
Signature: GuLoader
File size: 27'487 bytes
First seen: 2020-05-26 07:35:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:lR98+vA62XLpxOd2q3U2sL6Us5E/4qiknGN:P9s6OLpxOd2q9sL1p/Nn8
TLSH: BBC201E78EF025564FA20315D2C88DA5ED91269427188FE889E631E33FC31B0E5E478F
Reporter: abuse_ch
Tags: GuLoader Xxe


abuse_ch
Malspam distributing GuLoader:

HELO: whoismail.net
Sending IP: 211.115.64.84
From: 리지드코리아 <info@ridgidkorea.com>
Reply-To: info@ridgidkorea.com
Subject: Outstanding payment
Attachment: REMITTANCE.Xxe (contains "REMITTANCE.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=02E98840A4C9FD6C&resid=2E98840A4C9FD6C%211183&authkey=ANV33tRMzmI5CKo

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vp2
Status: Malicious
First seen: 2020-05-25 09:22:22 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 48 (27.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar bef0c6137985861808c8c570e80a26501d3c5ebcbb4656058c1c31b96255cb4f (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
