MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf093f84d296bc186a06f9cd47aff95c128ac148903087b78a346f053812d1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader

Vendor detections: 3


SHA256 hash: ddf093f84d296bc186a06f9cd47aff95c128ac148903087b78a346f053812d1b
SHA3-384 hash: 680f19bb08ef1935b3f8c73538e489ddb25455a271d6c792ef5944127fac2cdd378e74a05c440634f3614a413b267fc2
SHA1 hash: 6f7e5aa7556f5be365b141b393b1066bc8ff949c
MD5 hash: ccb99212ae6f5d0a240c62283669ca35
humanhash: mexico-bakerloo-oscar-michigan
File name: file.lzh
Signature: GuLoader
File size: 43'940 bytes
First seen: 2020-06-08 09:20:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:PRh5P1kAnY7hpqf8pTXlS/mwFw7Nt+WL8UabE5pHGunn8i22qFO:PX1CAnGhpWa7l7dNt+WL8UCE5dFnn8i9
TLSH: 5013F11B8883150779BBC249CD2AF03FE9108A0478682E79087826613F24B77FD6E17E
Reporter: abuse_ch
Tags: geo GuLoader KOR lzh


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm82.hanmail.net
Sending IP: 211.231.106.157
From: 화진인쇄산업 <uniprint@hanmail.net>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: file.lzh (contains "Tildesheil8.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=809F316B561D99CA&resid=809F316B561D99CA%21175&authkey=AHjVAhLb3L8b4LQ

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-08 09:04:16 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery:        Malspam
Signature:       GuLoader
Sample:          rar ddf093f84d296bc186a06f9cd47aff95c128ac148903087b78a346f053812d1b (this sample)
Dropping:        GuLoader
Delivery method: Distributed via e-mail attachment

Comments