MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f8294d7f591e3c2542f26465eb0379ec1f54a02a91e84e7b5a5bc70f16ed28b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 1f8294d7f591e3c2542f26465eb0379ec1f54a02a91e84e7b5a5bc70f16ed28b
SHA3-384 hash: 003b21b367bd5b980c8e3c54070126d58fd52b5ef436771620f889fd747ccc11904bb855a8ac8141c9c3bac8df2963a7
SHA1 hash: 07dbfdfd2b4b7ce8ac249c59d646d853066c8966
MD5 hash: 517266a54c614dd19cb58a82b50f106e
humanhash: nine-helium-oscar-bravo
File name: Price list.zip
Signature: GuLoader
File size: 73'387 bytes
First seen: 2020-06-03 13:33:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:klJlYbxfwEX6Ss5Bw4gMq1iIMhMX4eUhqHELgmxNvU7Zg:U8bJwEX6Su2IqHMhMEq2g2e7Zg
TLSH: 4F7312D36578DD336794D81B373462644E3542A7E7200E8A51BB360A20E84AFA7DF47F
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: intellectualpropertylegals.org
Sending IP: 162.144.88.186
From: Joanny Vento <sales1@russel.com>
Subject: Request for proposal for HORACIO LlC
Attachment: Price list.zip (contains "Purchase Order.scr")

GuLoader payload URL:
https://ht.sarahparkonline.com/bin_uVsysb120.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-06-03 15:32:27 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 1f8294d7f591e3c2542f26465eb0379ec1f54a02a91e84e7b5a5bc70f16ed28b (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment