MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5b2aa965df10068da51021b7817fcb6dd677fd53a3d74728751b8320e198a28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: d5b2aa965df10068da51021b7817fcb6dd677fd53a3d74728751b8320e198a28
SHA3-384 hash: b25a5bce24f0b84a34ffaacffb3f9ecb1dd0f4dd6fbf847eaa1ef69d95a65e4be49b86c57e38c8599f2b4e31f4307d20
SHA1 hash: 913edc5f2b334664547f0357ce234551013a63df
MD5 hash: 6b1513663a21ca27665c2db247a38252
humanhash: november-quiet-bakerloo-utah
File name: FACTORY EQUIPMENTS PURCHASE ORDER MKCT-02-06-2020.PDF.7z
Signature: GuLoader
File size: 42'260 bytes
First seen: 2020-06-02 10:59:35 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 768:4Hu7q8uNy+sN97nFifk/K5zcWtvUup1lv+r568xcrmbyLGPBzeWWj6RlmyS:4oqWhNVZ/K5ZtvUQmrdQGPB/W+ldS
TLSH: BF13F17F53FB5D568B58F19D53136ABE416301CACF7B252242CAC01B6C2CFA6A0B5C28
Reporter: abuse_ch
Tags: 7z GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: server1.swisspac.es
Sending IP: 119.18.63.233
From: JK & T Equipment Pte. ltd. <purchase_dept@jktgroup.com.sg>
Subject: PO. FOR NEW FACTORY EQUIPMENTS
Attachment: FACTORY EQUIPMENTS PURCHASE ORDER MKCT-02-06-2020.PDF.7z (contains "FACTORY EQUIPMENTS PURCHASE ORDER MKCT-02-06-2020.PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Uqtyb1TKHoyFpZuMRfKU3riHJmm5Ln5C

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-06-03 02:44:00 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    7z d5b2aa965df10068da51021b7817fcb6dd677fd53a3d74728751b8320e198a28 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
