MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 316c5bcca13857744a9b16bd746c3ececd5ce384a2bb2532cd5ae20afb37e29c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 316c5bcca13857744a9b16bd746c3ececd5ce384a2bb2532cd5ae20afb37e29c
SHA3-384 hash: cf1aba4b2710caaeb0bb5a1f4a40a4d3b5d6a6f15a2e16e1dc7d1158fdad9ae8d5104089793eb0ba4d173a6eb3758352
SHA1 hash: 0a39a309cfafec47ef421ec6870df4356ccc5c0b
MD5 hash: a8bc7520b5d748317c7c793d36889d4f
humanhash: kentucky-montana-wisconsin-sodium
File name: revised PI.zip
Signature: GuLoader
File size: 32'474 bytes
First seen: 2020-05-27 17:38:27 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:aWFTvQ8KrqDQqbC8JiIM1D/t1EgFK65wN+3K5vRF6gqGA:zxQS1+80L1DXht3mRFM
TLSH: 4FE2E0CF75FD2E17DA982CE79142436E70961200D9A39A8FF6A04FDF8BE185BF51014A
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mx.vvillowood.com
Sending IP: 195.231.83.76
From: Accountant <sales@vvillowood.com>
Subject: Revised Pi
Attachment: revised PI.zip (contains "revised PI.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wNuzCrHZbHRI08BFtmG1fVs6WAOpl9Nz
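The reporter's comment above describes the delivery pattern: a zip attachment ("revised PI.zip") carrying a batch script ("revised PI.bat") that fetches the GuLoader payload. The following is an added example, not code from MalwareBazaar or abuse.ch, showing how a mail gateway or analyst script can triage such an attachment in memory: enumerate the archive members without extracting them to disk, flag script and executable members by final extension, note members it cannot read because they are password protected, and compute the same four hash types the record lists (SHA256, SHA3-384, SHA1, MD5) for both the attachment and each member so they can be matched against MalwareBazaar. The extension list and the stand-in zip built at the bottom are assumptions constructed for the example; the stand-in is not the sample from this record and its hashes differ from those above.

```python
"""Triage a zip e-mail attachment in memory and hash it the way MalwareBazaar lists it."""
import hashlib
import io
import os
import zipfile
from dataclasses import dataclass, field

# Member extensions that mean a script or executable is being carried inside the archive.
# Assumed for this example; the MalwareBazaar record does not define such a list.
SCRIPT_OR_EXE_EXTS = {".bat", ".cmd", ".exe", ".scr", ".js", ".jse", ".vbs", ".vbe",
                      ".ps1", ".hta", ".lnk", ".iso", ".img"}


def hash_set(data: bytes) -> dict:
    """Return the four cryptographic hashes the record lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


@dataclass
class ZipTriage:
    attachment_hashes: dict = field(default_factory=dict)
    members: list = field(default_factory=list)        # every file member path in the archive
    flagged: list = field(default_factory=list)        # members with a script/executable extension
    encrypted: list = field(default_factory=list)      # members we could not read (password protected)
    member_hashes: dict = field(default_factory=dict)  # member path -> hash_set of its content
    errors: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Anything flagged, anything unreadable, or a blob that is not a valid zip at all
        # should go to an analyst rather than straight to the mailbox.
        return bool(self.flagged or self.encrypted or self.errors)


def triage_zip(blob: bytes) -> ZipTriage:
    """Inspect a zip attachment without writing any member to disk."""
    result = ZipTriage(attachment_hashes=hash_set(blob))
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile as exc:
        result.errors.append(f"not a valid zip: {exc}")
        return result
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            result.members.append(name)
            # Judge by the final extension so a double extension like "invoice.pdf.bat" is still caught.
            if os.path.splitext(name)[1].lower() in SCRIPT_OR_EXE_EXTS:
                result.flagged.append(name)
            if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                result.encrypted.append(name)
                continue
            with archive.open(info) as fh:
                result.member_hashes[name] = hash_set(fh.read())
    return result


def build_zip(members: dict) -> bytes:
    """Build an in-memory zip from {member name: bytes}; used to construct test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-in for "revised PI.zip": a harmless "revised PI.bat" inside a zip.
# This is NOT the sample from the record above, so its hashes will not match it.
CONSTRUCTED_BAT = b"@echo off\r\necho constructed example, not the real loader\r\n"


def build_constructed_attachment() -> bytes:
    return build_zip({"revised PI.bat": CONSTRUCTED_BAT})


if __name__ == "__main__":
    report = triage_zip(build_constructed_attachment())
    print("attachment sha256:", report.attachment_hashes["sha256"])
    print("members:", report.members)
    print("flagged:", report.flagged)
    print("suspicious:", report.suspicious)
```

Encrypted members are reported rather than skipped silently because a password-protected archive is itself a common way to defeat gateway scanning; the hashes of readable members can be submitted to MalwareBazaar's hash lookup, while the attachment-level hashes are what matches this record's SHA256/SHA1/MD5 fields.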

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 01:58:05 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 316c5bcca13857744a9b16bd746c3ececd5ce384a2bb2532cd5ae20afb37e29c (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments