MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd54325fba167e3c60263a5171662a04014f73b66251119b82c16d01b2ed7d4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: fd54325fba167e3c60263a5171662a04014f73b66251119b82c16d01b2ed7d4e
SHA3-384 hash: b36dbfc74c65402511daaecc78287597713241b7d0c284766aae81a9fd500974529a8f991c97938de72f2195dafac3d8
SHA1 hash: 1198a5616c48997179a725b4713aec83538d5e84
MD5 hash: 69454713b8e55196191faa9cbf190686
humanhash: colorado-berlin-delta-fifteen
File name: NEW ORDER_0024091.ARJ
Signature: GuLoader
File size: 29'601 bytes
First seen: 2020-06-10 06:51:37 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 768:g0VybYAanDY8JSPVYm7amLa/Q37k+dqvGrxHyxa:gKManE5tYm0SgJGdHx
TLSH: 53D2F1E82A8FF6D969F2C8A4344EC3BE59B9F0F9200D5D08D58C7A98324317924B6747
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: loft11155.serverprofi24.com
Sending IP: 188.138.57.207
From: Katia Jamieson <katia.jamieson@faber-castell.com.pe>
Subject: NEW ORDER_Faber-castell
Attachment: NEW ORDER_0024091.ARJ (contains "anisalsupercu.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=115ym8Wl6M_jzLJIwzT-6p9OidXfQDvL3
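
The reporter's note says the .ARJ attachment wraps "anisalsupercu.exe", and the file table above lists the MIME type as application/x-rar even though the file type is arj, so the MIME label is not something to rely on during triage. A safer first step is to check the ARJ header magic directly and walk the header chain to list member names without decompressing anything. The script below is an added example, not MalwareBazaar's or abuse.ch's code: it follows the ARJ header layout (0x60 0xEA magic, 16-bit basic-header size, CRC-32 per header, NUL-terminated filename after the fixed part, and a zero-size header as end marker), and the archive it parses is constructed inline as a stand-in that reuses the reported archive and member names; the member body is placeholder bytes, not the real dropper.

```python
import struct
import zlib

ARJ_MAGIC = b"\x60\xea"        # every ARJ header block starts with these two bytes
MAIN_HEADER = 2                # file_type value of the main (archive) header
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def is_arj(buf):
    """True if buf starts with the ARJ header magic (independent of any MIME label)."""
    return buf[:2] == ARJ_MAGIC


def _read_header(buf, pos):
    """Parse the header block at pos; return (basic_header, next_pos).

    basic_header is None at the end-of-archive marker (basic header size 0).
    next_pos is just past the basic header, its CRC-32 and any extended headers.
    """
    if buf[pos:pos + 2] != ARJ_MAGIC:
        raise ValueError("no ARJ header magic at offset %d" % pos)
    (size,) = struct.unpack_from("<H", buf, pos + 2)
    pos += 4
    if size == 0:
        return None, pos
    hdr = buf[pos:pos + size]
    (crc,) = struct.unpack_from("<I", buf, pos + size)
    if zlib.crc32(hdr) != crc:         # ARJ protects each basic header with CRC-32
        raise ValueError("basic header CRC mismatch at offset %d" % (pos - 4))
    pos += size + 4
    while True:                         # extended headers: 16-bit size, data, CRC-32, until size 0
        (ext_size,) = struct.unpack_from("<H", buf, pos)
        pos += 2
        if ext_size == 0:
            return hdr, pos
        pos += ext_size + 4


def list_arj_members(buf):
    """Return [(name, original_size, compressed_size), ...] without decompressing."""
    if not is_arj(buf):
        raise ValueError("not an ARJ archive (bad magic)")
    members, pos = [], 0
    while True:
        hdr, pos = _read_header(buf, pos)
        if hdr is None:
            return members
        first_hdr_size, file_type = hdr[0], hdr[6]
        name_end = hdr.index(b"\x00", first_hdr_size)     # filename is NUL-terminated
        name = hdr[first_hdr_size:name_end].decode("cp437", "replace")
        if file_type == MAIN_HEADER:
            continue                                       # archive name; no payload follows
        compressed_size, original_size = struct.unpack_from("<II", hdr, 12)
        members.append((name, original_size, compressed_size))
        pos += compressed_size                             # skip the member's data


def suspicious_members(buf):
    """Member names with an executable extension (catches 'invoice.pdf.exe' lures too)."""
    return [name for name, _, _ in list_arj_members(buf)
            if name.lower().endswith(EXECUTABLE_SUFFIXES)]


def _header_block(basic):
    """Wrap a basic header: magic, size, body, CRC-32, and an empty extended-header list."""
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", zlib.crc32(basic)) + b"\x00\x00")


def build_sample_archive():
    """Constructed stand-in with the reported names; the member body is a placeholder."""
    payload = b"MZ" + b"\x00" * 30                         # placeholder bytes, not the real dropper
    # Main header: 34 fixed bytes (first_hdr_size=34, version 11, file_type 2), then name and comment.
    main = bytes([34, 11, 1, 0, 0, 0, MAIN_HEADER, 0]) + b"\x00" * 26
    main += b"NEW ORDER_0024091.ARJ\x00" + b"\x00"
    # File header: 30 fixed bytes; method 0 (stored), file_type 0 (binary).
    file_hdr = (bytes([30, 11, 1, 0, 0, 0, 0, 0]) + struct.pack("<I", 0)
                + struct.pack("<II", len(payload), len(payload))
                + struct.pack("<I", zlib.crc32(payload))
                + struct.pack("<HHH", 0, 0x20, 0))
    file_hdr += b"anisalsupercu.exe\x00" + b"\x00"
    return (_header_block(main) + _header_block(file_hdr) + payload
            + ARJ_MAGIC + b"\x00\x00")                     # end-of-archive marker


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, orig, comp in list_arj_members(sample):
        print("%-24s %6d bytes (%d compressed)" % (name, orig, comp))
    print("executables:", suspicious_members(sample))
```

Because the walker only reads headers and skips each member's compressed bytes, it never hands attacker-controlled data to a decompressor, which is what you want when the sample is still untrusted; the CRC check on each basic header also rejects truncated or tampered files early instead of walking off into garbage.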

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 06:53:04 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery chain:
  Malspam
    GuLoader
      arj fd54325fba167e3c60263a5171662a04014f73b66251119b82c16d01b2ed7d4e (this sample)
        Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
