MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10c214bd4b1c001259445c831a5ed5682d2e2cde4e40966d0f1d1ed0cb3f7ba7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 10c214bd4b1c001259445c831a5ed5682d2e2cde4e40966d0f1d1ed0cb3f7ba7
SHA3-384 hash: 09657f96a5d404f34f7431be29f036b86b5c898b5ffcc2e20c0968e66675f8c8ac11fde92e677a9d6f47de8cf433dc65
SHA1 hash: b067e3480e55f86a0881184255cfaac0a057d0ad
MD5 hash: 22e596c5483578637209810c7b1551ad
humanhash: emma-eight-alpha-white
File name: PO8212605_xlsx.zip
Signature: GuLoader
File size: 30'405 bytes
First seen: 2020-05-26 08:56:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:9h/NI5Bnrv+JZl2Z+4dGCBsfEKnXUZCOqIF/:3NI5hvkT28ofBscKkZCOd
TLSH: BCD2E187BC5C4BC9D72B012DB07B15BF04F652F48D10BDD04AB9018EEA71E9C6A26D9B
Reporter: abuse_ch
Tags: GuLoader zip

abuse_ch
Malspam distributing GuLoader:

HELO: mail-m24146.qiye.163.com
Sending IP: 220.194.24.146
From: Sales <yuanyanqing@szkse.com.cn>
Subject: New Order (Urgent)
Attachment: PO8212605_xlsx.zip (contains "PO#8212605_xlsx.exe")

GuLoader payload URL:
http://legalpros.lawyer/bnnb/biggrc_kdfVRBR160.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-26 09:36:41 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> GuLoader (zip) 10c214bd4b1c001259445c831a5ed5682d2e2cde4e40966d0f1d1ed0cb3f7ba7 (this sample)
  -> Dropping: GuLoader
Delivery method: Distributed via e-mail attachment