MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3359948c389f63bc1f2c03133cb7c276289bcc4a4c2df16b8e86729eba76688f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 3359948c389f63bc1f2c03133cb7c276289bcc4a4c2df16b8e86729eba76688f
SHA3-384 hash: bc6925278083e02c0be3f350853df0f91df082dab25578fd05c0f6dcb00254c39740a3eb4eb63ac0a944724c9eb44635
SHA1 hash: b8a7c50b8d53a6303c441afbddf3ac7bb6a33141
MD5 hash: 37604109c45937635d83da8598551d14
humanhash: artist-burger-solar-south
File name: New Company Circular May 2020.zip
Signature: GuLoader
File size: 59'067 bytes
First seen: 2020-05-28 07:06:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:uk/Xrtem3sW0jQ3YAjgGiuISmedPY9xHP3N:uHOsW0jGY1ufdPY9xH1
TLSH: 414302490A51817B7E08B0B903CBE7B453F06C41526869FD878397FF8DDA363A585ACA
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.53
From: victim-email
Subject: Emailing: New Company Circular May 2020
Attachment: New Company Circular May 2020.zip (contains "New Company Circular May 2020.com")

GuLoader payload URL:
http://pashupatiexports.com/bin_hzgJnJgi173.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:36:54 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 3359948c389f63bc1f2c03133cb7c276289bcc4a4c2df16b8e86729eba76688f (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
