MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f05839f9f0964e9a01e8524efc20ee738fd4c0118ff95d232c2c80e6af5c6bcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: f05839f9f0964e9a01e8524efc20ee738fd4c0118ff95d232c2c80e6af5c6bcd
SHA3-384 hash: 66a74c9e52b12bdd78381a20838d98275b395a58a26fc2e81957dc33c38f652bb44d83c07405ee2ff6c9843624328287
SHA1 hash: 5315ff871e6a67cb3dc28ad33e545e459dc7efa4
MD5 hash: aceb42f34a34114012c7763d4e9ff357
humanhash: ten-purple-mango-diet
File name: CEMENTOS-DOC.rar
Signature: GuLoader
File size: 20'582 bytes
First seen: 2020-05-26 07:18:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:4bY4bAh6M0cPPQaDEpIgZvpuP0UBPRcBTnXRvzuOhQjxFRE4cRh/ZQ2:4M88PNovvpuPbRcBTXNKO0xM7hh
TLSH: A192E10420EC2C1D81B556EEFBB43054DA3BB979144213B33DABE739AFA39C6990D231
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: kfistudios.cam
Sending IP: 111.90.158.131
From: JUAN ALBERTO URBANO <grencia@cementoscauca.com.co>
Reply-To: hinduhyog2011@gmail.com
Subject: QUOTATION INQUIRY
Attachment: CEMENTOS-DOC.rar (contains "CEMENTOS-DOC.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=19OO8JKe7-QMcKpDw9hJhOie4KSCzmdVC

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-26 07:36:36 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader - rar f05839f9f0964e9a01e8524efc20ee738fd4c0118ff95d232c2c80e6af5c6bcd (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments