MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8e41c717befab77f5b7a3641bc1f6c0832f9f8e80d30873be1a888e5bfaf7a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 2

SHA256 hash: c8e41c717befab77f5b7a3641bc1f6c0832f9f8e80d30873be1a888e5bfaf7a8
SHA3-384 hash: 99f45ed9febc6ffbb13c73de6e6294b2a722583db323c8090eb89af37b87dbb0e8fcc8a375ffbd049d6afb03a5e45a68
SHA1 hash: 8ebd7ee687d6cfd5c1a1b73d3a5045e9804870f5
MD5 hash: 44606c062b149f83d21924f606e201fd
humanhash: arkansas-jersey-muppet-helium
File name: CEMENTOS-DOC.rar
Signature: GuLoader
File size: 20'079 bytes
First seen: 2020-05-28 07:34:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:0ZeJYoOvTJ7IrJUBGQaaztPibUXYTP1QXpDRlw/Tum6TTOhy5:DJyvTFIrJYaakbUHXdEKPTTSy5
TLSH: 9792D0845B2A6C9AD7FFCAFDECF171333C39C1AE2AF9CD056A7891D02452445C8251E6
Reporter: abuse_ch
Tags: GuLoader rar

Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: kfistudios.cam
Sending IP: 111.90.158.131
From: JUAN ALBERTO URBANO <grencia@cementoscauca.com.co>
Reply-To: hinduhyog2011@gmail.com
Subject: QUOTATION INQUIRY
Attachment: CEMENTOS-DOC.rar (contains "CEMENTOS-DOC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LmyqIluFJ5HoNT0VjWSvtPFmVfK-cvxy

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-28 07:38:01 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: GuLoader
Sample: rar c8e41c717befab77f5b7a3641bc1f6c0832f9f8e80d30873be1a888e5bfaf7a8 (this sample)
Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments