MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23fe280af4a8b387ed617ea616788b25767e6d14892735cf98652b96959cc84f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 23fe280af4a8b387ed617ea616788b25767e6d14892735cf98652b96959cc84f
SHA3-384 hash: 7327466319c2a6431b1276f45a5339a3b2d70c7a305384e81436788bba0edb2bc3b3bb3a0f0b9f7f0ee64bdca003d0aa
SHA1 hash: dbf5d210fe71d8deffda023226f308c9d404a1ab
MD5 hash: fc5952542f0659abccef6ff0689bc3fc
humanhash: nebraska-mountain-charlie-solar
File name: SHIPPING DOCUMENTS_PDF.arj
Signature: GuLoader
File size: 26'357 bytes
First seen: 2020-05-22 15:04:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:yCC5NcZd4n363rkeHjSMXOa6zvh3C5bsQdAh:TvZdx3hHTqzvtQHqh
TLSH: B0C2E0A28BA1E6649D34187C75F7ED722E3D80F483201651D688FCF5A99F6F0B68740E
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.nwiran.com
Sending IP: 185.94.98.43
From: NORMAN LOGISTICS LTD <info@kts-me.com>
Subject: Confirm change in Goods destination
Attachment: SHIPPING DOCUMENTS_PDF.arj (contains "SHIPPING DOCUMENTS_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16pdtfZQsIuTKlvUWbPTFf7qt38rdyUVy

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-22 15:35:45 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 23fe280af4a8b387ed617ea616788b25767e6d14892735cf98652b96959cc84f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments