MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19a0cd081567fd9a07f047c20ff39f803d1d7e269f427251e52d05345e433316. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 19a0cd081567fd9a07f047c20ff39f803d1d7e269f427251e52d05345e433316
SHA3-384 hash: dc5b6ace0e903e12bf85bca89c8b6b4de8ce7f43897524669decfe05ac341e9784c0b6cc2040080394758d67f982c36b
SHA1 hash: 1620ddee461be61dcafc21df18ecf33bf5072886
MD5 hash: 5b511c6170c167285ac23839c2b8ea17
humanhash: jersey-monkey-massachusetts-september
File name: TT SLIP_WA0085176.z
Signature: GuLoader
File size: 43'678 bytes
First seen: 2020-05-27 18:24:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:1Oht2JpS522qPX3n9t8hYd4IlOGj2xWXVaRaIvw6FR7kIhf2RpcymG2CGMp0R:sQJAYTPXD4YdplmqEBRDhf2RSyl4
TLSH: B913E1421C97CDADA2643C6320FE57EB4A4E91691D30C6C8690BF5EC4BF2FB2E519290
Reporter: abuse_ch
Tags: GuLoader, z


abuse_ch
Malspam distributing GuLoader:

HELO: alliedcpa.ug
Sending IP: 37.49.230.76
From: accountspay@alliedcpa.ug
Subject: bank transfer confirmation REF: 34128905
Attachment: TT SLIP_WA0085176.z (contains "TT SLIP_WA0085176.exe")

GuLoader payload URL:
http://37.49.230.180/MYFTPSTUB_ICGTElzNL218.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 18:40:25 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
zip 19a0cd081567fd9a07f047c20ff39f803d1d7e269f427251e52d05345e433316 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments