MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3



SHA256 hash: cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660
SHA3-384 hash: b4a1e5089631564d556986798a9590dd2caf0539c11b449d0c56809deee5964490ea832b2e3f3357d105f654050bc14a
SHA1 hash: eaedc3edcb7c6c0e374cd36918c6a1ee923c2126
MD5 hash: 417c2c4c06e57d001bfcca9baf63cc48
humanhash: charlie-golf-steak-floor
File name: RFQ_64735EAA.rar
Signature: GuLoader
File size: 74'269 bytes
First seen: 2020-06-03 13:18:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:RbIoK5G/TdkiHbcqsvDW9epQMLqRarADxePx2AlE:RbIfG/TdkiHbheKMOEUDYPxxE
TLSH: 277312BEFEA05501B1A006D6B503D8A075C9D13DB95ABAE6CCCD060FD72B4D599B8A30
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Mireia Redondo <mireiaredondo@yuntong-batt.co>
Subject: TH64735EAA (OATH DENIM ANORAK)
Attachment: RFQ_64735EAA.rar (contains "RFQ_64735EAA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=10xx4qDyqe_HKOBlCnkEo0MdtsxGaxmML

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-03 13:37:57 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The entries below give additional information about this malware sample, such as its delivery method and external references.

Relationships: Malspam -> GuLoader, rar cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660 (this sample) -> Dropping -> GuLoader
Delivery method: Distributed via e-mail attachment
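Added example, not part of the MalwareBazaar entry and not abuse.ch tooling: a Python script that turns the indicators on this page (the four file digests, the HELO, sending IP and From: address from the malspam report, and the Google Drive file id in the GuLoader payload URL) into three checks a practitioner can run. It hashes a local file and compares it field by field with the entry, correlates mail-server log lines by queue id and flags messages that match the sender indicators, and classifies proxy-log URLs as the confirmed payload or as some other Google Drive direct-download link worth a look. The log lines are constructed for the example in a Postfix-like layout (the helo= field is placed on the client line for illustration) and are not real traffic; all function names are my own.

```python
import hashlib
import re
from urllib.parse import urlparse, parse_qs

# Indicators copied from the MalwareBazaar entry above.
IOC_HASHES = {
    "md5": "417c2c4c06e57d001bfcca9baf63cc48",
    "sha1": "eaedc3edcb7c6c0e374cd36918c6a1ee923c2126",
    "sha256": "cea11cd65f59f3751db94a9f7303336762ad7d984ac9f38eb9df9d9360c7e660",
    "sha3_384": "b4a1e5089631564d556986798a9590dd2caf0539c11b449d0c56809deee5964490ea832b2e3f3357d105f654050bc14a",
}
IOC_SENDING_IP = "111.90.141.203"
IOC_HELO = "yuntong-batt.co"
IOC_FROM = "mireiaredondo@yuntong-batt.co"
IOC_DRIVE_FILE_ID = "10xx4qDyqe_HKOBlCnkEo0MdtsxGaxmML"


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists, so a local file can be compared field by field."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_hash_algorithms(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the entry's value (empty list = no match)."""
    computed = hash_bytes(data)
    return sorted(alg for alg, digest in computed.items() if digest == IOC_HASHES[alg])


# Constructed log lines in a Postfix-like layout for this example; they are not real traffic.
# The first message reuses the sender, HELO and IP the entry reports; the second is benign filler.
SAMPLE_MAIL_LOG = """\
Jun  3 13:12:42 mx1 postfix/smtpd[2231]: 4A1B2C3D4E: client=unknown[111.90.141.203], helo=<yuntong-batt.co>
Jun  3 13:12:42 mx1 postfix/qmgr[1201]: 4A1B2C3D4E: from=<mireiaredondo@yuntong-batt.co>, size=76411, nrcpt=1 (queue active)
Jun  3 13:15:03 mx1 postfix/smtpd[2240]: 5F6A7B8C9D: client=mail.example.net[203.0.113.7], helo=<mail.example.net>
Jun  3 13:15:03 mx1 postfix/qmgr[1201]: 5F6A7B8C9D: from=<alice@example.net>, size=2140, nrcpt=1 (queue active)
"""

_CLIENT_RE = re.compile(r": (?P<qid>[0-9A-F]+): client=\S+\[(?P<ip>[^\]]+)\](?:, helo=<(?P<helo>[^>]+)>)?")
_FROM_RE = re.compile(r": (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")


def match_mail_log(log_text: str) -> dict:
    """Correlate lines by queue id and return {queue_id: [matched indicator names]} for hits only."""
    messages = {}
    for line in log_text.splitlines():
        m = _CLIENT_RE.search(line)
        if m:
            rec = messages.setdefault(m["qid"], {})
            rec["ip"] = m["ip"]
            if m["helo"]:
                rec["helo"] = m["helo"].lower()
        m = _FROM_RE.search(line)
        if m:
            messages.setdefault(m["qid"], {})["from"] = m["sender"].lower()
    hits = {}
    for qid, rec in messages.items():
        reasons = []
        if rec.get("ip") == IOC_SENDING_IP:
            reasons.append("sending_ip")
        if rec.get("helo") == IOC_HELO:
            reasons.append("helo")
        if rec.get("from") == IOC_FROM:
            reasons.append("from")
        if reasons:
            hits[qid] = reasons
    return hits


def classify_url(url: str):
    """'confirmed' for the Drive file id the entry names as the GuLoader payload, 'suspect' for any
    other Google Drive direct-download (uc?export=download) URL, None for everything else."""
    p = urlparse(url)
    if p.netloc.lower() != "drive.google.com" or not p.path.startswith("/uc"):
        return None
    q = parse_qs(p.query)
    if IOC_DRIVE_FILE_ID in q.get("id", []):
        return "confirmed"
    if "download" in q.get("export", []):
        return "suspect"
    return None


if __name__ == "__main__":
    print(matching_hash_algorithms(b"placeholder bytes, not the real sample"))
    print(match_mail_log(SAMPLE_MAIL_LOG))
    print(classify_url("https://drive.google.com/uc?export=download&id=10xx4qDyqe_HKOBlCnkEo0MdtsxGaxmML"))
```

The digests identify only this exact RAR; the page does not list hashes for the enclosed RFQ_64735EAA.exe, so a hash match will not fire on the extracted executable and should be paired with the mail-side indicators. The "suspect" class in classify_url is a triage heuristic: it also matches legitimate Google Drive downloads, so treat it as a reason to look, not a verdict.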

Comments