MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f2e5e1fb87ca9e129fef76dd0663717b434cb0a795b385236c94d4d1e711584. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 2f2e5e1fb87ca9e129fef76dd0663717b434cb0a795b385236c94d4d1e711584
SHA3-384 hash: 3c8ca2d9e89e054933f7cd1f623104af254e79e0c73a48064d19fadd192190ada37fbfb5df43629f442e2227abee1345
SHA1 hash: 6dfb9c988ca6b35d9e93f8c2b82d52f23217f06c
MD5 hash: 352c1c7b08197dd44028c0c3e7971c77
humanhash: social-tennessee-arkansas-alabama
File name: INQUIRY.rar
Signature: GuLoader
File size: 29'500 bytes
First seen: 2020-05-27 16:47:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:ghbWyBw4SRkC3oeuWdUYKHqIuxqdK3jk5kPJZBH:ghbV5CkmoeuWTKWxVjTB
TLSH: 83D2F1B394CCE01E5D0CD76A4A2A101D3539F7C699A112C4AED7708598D2F29FB1E4CF
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: whm.mastertindo.com
Sending IP: 103.103.192.221
From: Howe Robinson Partners/ SNP <snp@howerobinson.com>
Subject: CARGO INQUIRY
Attachment: INQUIRY.rar (contains "INQUIRY.exe")

GuLoader payload URL:
https://cloudfiree.ga/mana.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 01:13:49 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
rar 2f2e5e1fb87ca9e129fef76dd0663717b434cb0a795b385236c94d4d1e711584 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments