MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1129a87ea9f5b6ec25a6221f057a96343b5ef29b7f58b907eea64b9c37659efa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1129a87ea9f5b6ec25a6221f057a96343b5ef29b7f58b907eea64b9c37659efa
SHA3-384 hash: 09b559b1fe1c54afb006b3fb59c70f677d74f7850ff56594fce3fc234d2f6afad03b9f3953d79ab1371e35987c2aea27
SHA1 hash: 6b70b241779d3a6dbf723c3840d5c2d55b2c70a9
MD5 hash: 1e52446d1dbeb4fbccfeb91ee178cde3
humanhash: uranus-india-muppet-oven
File name:Oligomyodaeu.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:34'848 bytes
First seen:2020-06-02 11:16:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:HlOwuri6AQsK3N+lvNbifkM2DtR6TkIEzlz2uwb6lhwpOYIWc:HMwyi6TsXnb/B6QIiz2LVplIx
TLSH 85F2E168456132AAA28BB79327E4EECC0E8F1F300156B687BDDC4BF28D88515A13D537
Reporter abuse_ch
Tags:GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: sungwon7.co
Sending IP: 111.90.158.36
From: Lauren <lauren@sungwon7.co>
Subject: FA 2374 LDS TEMPO JACKET.
Attachment: Oligomyodaeu.rar (contains "Oligomyodaeu.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1XIoGRak8bHaUYIzpo8DkcruJ_Mlrs_Lj

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Symmi
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 11:37:06 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ceu2q7vj6w3oyjngeipqk6uwgq5v54u3p5mlsb7ouzfzyn3ft35a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 1129a87ea9f5b6ec25a6221f057a96343b5ef29b7f58b907eea64b9c37659efa

(this sample)

GuLoader

Executable exe 9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3

  
URLhaus
https://urlhaus.abuse.ch/url/374269/
  
Dropping
MD5 6b8b96ee955ec2a554dd95976974f4b6
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9ba9dbccef86d6630e4db6c7538eb4043232c7f234c1377eacdaa6543d2b8af3

Comments