MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 060ef5eb364d852843b2b68b8153ff5e19832e633bd1dab71faba132277e5937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	060ef5eb364d852843b2b68b8153ff5e19832e633bd1dab71faba132277e5937
SHA3-384 hash:	afa1874aeb1f6293a6836b0bb7baad43a22ac6d3545a68189620e536b0b9224fcee176908a27574eeed56a5c583ea33f
SHA1 hash:	90b961f2c9dfd38297c42461cd5ac344fcd3eed8
MD5 hash:	5ed8ee7841d58830801f8fe775c99142
humanhash:	saturn-salami-friend-bacon
File name:	Order 20051987.gz
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	31'547 bytes
First seen:	2020-05-27 17:14:12 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	768:sceVrUueaWy9APy1qYCc0pnjdf1WUWe0UsP5JhVlBtZBRV5H:0VTe+PIvpjVjGZP5bbVH
TLSH	EAE2E1037203A6E8648D7E7D40CE63C4AFB29683DBDC1A1E5D6D608FC551CDA97D6708
Reporter	abuse_ch
Tags:	GuLoader gz

abuse_ch

Malspam distributing GuLoader:

HELO: slot0.cn-nakareg.com
Sending IP: 45.95.169.32
From: Purchase <info@cn-nakareg.com>
Subject: Re: Order PO20051987
Attachment: Order 20051987.gz (contains "Order 20051987.exe")

GuLoader payload URL:
http://baritaco.com/build_VZiETVXFTj172.bin