MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18021429925bca12eb1c9131b2e41097428c1ed26bab680eaa9d51e7de98a136. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 18021429925bca12eb1c9131b2e41097428c1ed26bab680eaa9d51e7de98a136
SHA3-384 hash: 074c91a38851eef17f3b7eec0458d0e3fcef8852b03acc3a165f794f46023991ef3eb3af15c63f8ca00ffef55b41c4d3
SHA1 hash: f857acc7061098546917e60e5d957f02542f31c7
MD5 hash: 3a8647e08805ba38d36571ac3d936a40
humanhash: early-massachusetts-one-friend
File name: SOA052020.pdf.ace
Signature: GuLoader
File size: 28'119 bytes
First seen: 2020-05-26 13:38:40 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 768:TW0hkTWxrg+DRx0VO5/dGU/wYcwnaPUGxhaX0XHJbgtV:TWzG1DRx0V2/T/HcwnWrpgtV
TLSH: E3C2E128199B95F7ECF68030FF1A25CF0511C427E6B2DD592A25B8C091ACFC3D2B2A13
Reporter: abuse_ch
Tags: ace GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.mailbox.co.id
Sending IP: 202.182.57.40
From: Fadhlan Dani <dani@mailbox.co.id>
Subject: **TOP URGENT** Outstanding SOA/Payment Advice
Attachment: SOA052020.pdf.ace (contains "SOA052020.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11M7M9sK_A6jz-zYNOEbg3_vlLiJ8T9GL

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 14:35:52 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
ace 18021429925bca12eb1c9131b2e41097428c1ed26bab680eaa9d51e7de98a136 (this sample)
Dropping: GuLoader

Delivery method: Distributed via e-mail attachment