MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e7343b260d364d28d04a497c8903183ed87133612a7937a62638b513e29aea2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 1e7343b260d364d28d04a497c8903183ed87133612a7937a62638b513e29aea2
SHA3-384 hash: 60306a889ec86776c8f2473b1dd15f1cedfcf7b639058fd96663a008a1d1084459ed6bdcba271ff6e0066e56c2cbc8ca
SHA1 hash: 71b69f3a3d2f3eba9b70d9937bf140c55fe4cb14
MD5 hash: b56c81a8190a4d80ce861239f77a9115
humanhash: network-friend-beer-saturn
File name: INQUIRY.rar
Signature: GuLoader
File size: 27'377 bytes
First seen: 2020-05-25 13:21:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:adU1xd8mT0oS8tHgjUZD4iM+8I5Ry2pciDV4CEPe+sE2vcab:GYx+oS7jUZPL55c2CqER60ab
TLSH: 77C2E08F70C496BC3E1334AC4D6F2AE010FE5ADB215257B90867A4128FE6090FF963A4
Reporter: abuse_ch
Tags: GuLoader, rar


abuse_ch
Malspam distributing GuLoader:

HELO: rdns0.royalsteelballusas.com
Sending IP: 79.124.8.210
From: Gregg Ferstman <sales@royalsteelballusas.com>
Subject: REQUEST FOR QUOTE
Attachment: INQUIRY.rar (contains "INQUIRY.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=17xH1VnN_Jd85lX_W6DEAsis39ggxwL5_

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 13:36:41 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
rar 1e7343b260d364d28d04a497c8903183ed87133612a7937a62638b513e29aea2 (this sample)

Dropping
GuLoader

Delivery method: Distributed via e-mail attachment

Comments