MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 106b5417a47e5335c8655ee63195cb02966a4a2c0d29dfed0b41f16e54840165. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 106b5417a47e5335c8655ee63195cb02966a4a2c0d29dfed0b41f16e54840165
SHA3-384 hash: 77aa431da8dc58cdfa2c6e6444fc8673ef768a6f408029a04287bf5c58e83d79d5e7ba3cd6f1e1def37d87a3b6abd938
SHA1 hash: c9a4d124282ac07fbbcd695efc3ece8c7bd8ff1b
MD5 hash: 7daa549c1f6d04d81e9552949161cd06
humanhash: mars-leopard-mirror-idaho
File name: Rfq_5262020.rar
Signature: GuLoader
File size: 29'001 bytes
First seen: 2020-05-26 13:43:57 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:P7UhUpZdNzA17ncCctvfzt0NMESGFvXWTL7Z3Jqo5WMROyuWuoho2hbo/rQV1hOe:P7Cq9AXctTtMDFO/7ZJqo5hDyo1RBF
TLSH: 2AD2F1751838D9BB0C6721EE714413FA21F389D48624C90E2DBF26392F677D351989F2
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: ibermedia.infortelecomhosting.com
Sending IP: 84.246.211.14
From: Jose Manu <Josemanu@Ioxamhune.com>
Subject: SOLICITUD DE MEJOR PRECIO
Attachment: Rfq_5262020.rar (contains "Rfq_5262020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1zvrrvUqlA2KJtbwotp4C1VRhtMaH32ea

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 14:35:51 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
  rar 106b5417a47e5335c8655ee63195cb02966a4a2c0d29dfed0b41f16e54840165 (this sample)

Dropping
  GuLoader

Delivery method
  Distributed via e-mail attachment

Comments