MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d80d7d40e1e1a1c34652b10f2c3c55ac273f6d8b13833dbfa9ca87c0a2b7e95c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d80d7d40e1e1a1c34652b10f2c3c55ac273f6d8b13833dbfa9ca87c0a2b7e95c
SHA3-384 hash: 54b2652c3409ed694065425481ed3948835fe2545b6125baa657b98cd7769adc1cd29c454fe28670c3954e9d59f3dacb
SHA1 hash: 6b9e26b68738e0023153fe5865c5ef55901bfdeb
MD5 hash: 0d6e62bff98ab3d32889845e43a0eaaf
humanhash: mike-fifteen-vermont-mars
File name:INV20201006PO3748.img
Download: download sample
Signature GuLoader
Create hunting rule
File size:126'976 bytes
First seen:2020-06-10 12:33:30 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 1536:AM94d4xRPxZNaburbVMAwQqamIWSESo5wmM:p4d2ZNabuXKlrnW7
TLSH 5FC35B1FEA28D563F1700A3014B24AD55B536E17640F6C0BB94D29BA0F739136AE763F
Reporter abuse_ch
Tags:GuLoader img


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ecs-yTWXi.localdomain
Sending IP: 147.78.221.105
From: SALES DONIER TECH <jfazari@thebamcogroup.com>
Subject: Re: rev-Order-june covid-19-10-06-20-PO
Attachment: INV20201006PO3748.img (contains "INV20201006PO3748.exe")

GuLoader payload URL:
https://abnormalpresentation.com/kva/modimo_yIYup32.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.BadFile.lm.1569.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:35:06 UTC
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3agx2qhb4gq4grsswehsypcvvqtt63mlcobt3p5jzkd4bivx5foa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d80d7d40e1e1a1c34652b10f2c3c55ac273f6d8b13833dbfa9ca87c0a2b7e95c

(this sample)

GuLoader

Executable exe 150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a

  
Dropping
MD5 b2cfcef5c8200ddda5e1d81852b5bd66
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 150bc84103a182333fa76ebdbc55769240877076252dea1e3ff398272019ce4a

Comments