MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36
SHA3-384 hash: 184c07359423ae72539675f6b9f2e58c81852ad283f1e9f2bb71ba8e01a7a032609f4a9aabee5971785904688bf2f2a0
SHA1 hash: e182644f23a64b3cf9a84462aecbc86bb80895cc
MD5 hash: a760f58873ab45e73d5bb9ebaf3ada69
humanhash: cat-football-jersey-sierra
File name: INVOICE.r00
Signature: GuLoader
File size: 24,962 bytes
First seen: 2020-05-21 10:28:18 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 768:kQGUwG8FfsOCDAFPS9RR1k9gP4aF0EFo8Ds8:jGUn8FfIDpTjqc
TLSH: 71B2E1D0069DEC03A6FD2E81FC41227E59A9E90478013ACAEA719EFD147B7F0A8B1D55
Reporter: abuse_ch
Tags: GuLoader, r00


abuse_ch
Malspam distributing GuLoader:

HELO: mout.kundenserver.de
Sending IP: 212.227.126.135
From: ketanmehta@ketanchemicals.com
Subject: SIGNED INVOICE
Attachment: INVOICE.r00 (contains "INVOICE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kOY5_Vo11zm_999-ULdk-xGEozO-Fbvx

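The delivery chain the reporter describes, as an added triage example that is not part of this page or of abuse.ch's tooling: a script that rebuilds the quoted headers into a constructed message (the attachment is placeholder bytes, not the real INVOICE.r00), flags the `.r00` extension (a RAR multi-volume part that attachment blocklists written for `.rar` and `.zip` often miss), checks the attachment content for a RAR signature, matches the sending IP and the Google Drive direct-download URL against this entry's IOCs, and hashes the attachment against the listed SHA256/SHA1/MD5. The receiving host `mx.example.invalid`, the recipient address, and the `.part1.rar` / `.001` extensions in the pattern are assumptions, not values from the page.

```python
"""Triage checks for the GuLoader malspam pattern this entry documents.

Added example; not code from MalwareBazaar or the reporter. The message it
builds is CONSTRUCTED from the headers quoted in the comment, and its
attachment is placeholder bytes, not the real INVOICE.r00.
"""
import email
import email.policy
import hashlib
import re
from email.message import EmailMessage

# RAR 4.x and RAR 5.x file signatures.
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Split-volume archive extensions (.r00, .part1.rar, .001) that blocklists
# written for ".rar"/".zip" commonly miss. .part1.rar/.001 are assumed cases.
SPLIT_ARCHIVE_RE = re.compile(r"\.(r\d{2}|part\d+\.rar|\d{3})$", re.IGNORECASE)

# Direct-download links to Google Drive, the payload host named in this entry.
GDRIVE_DL_RE = re.compile(r"https?://drive\.google\.com/uc\?export=download&id=[\w-]+")

# IOCs taken from this entry.
KNOWN_HASHES = {
    "sha256": {"365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36"},
    "sha1": {"e182644f23a64b3cf9a84462aecbc86bb80895cc"},
    "md5": {"a760f58873ab45e73d5bb9ebaf3ada69"},
}
KNOWN_SENDER_IPS = {"212.227.126.135"}


def hash_bytes(data: bytes) -> dict:
    """Return the digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def build_constructed_sample() -> bytes:
    """CONSTRUCTED message using the reporter's headers; body and attachment are fake."""
    msg = EmailMessage()
    msg["Received"] = ("from mout.kundenserver.de (mout.kundenserver.de [212.227.126.135]) "
                       "by mx.example.invalid with ESMTP; Thu, 21 May 2020 10:28:18 +0000")
    msg["From"] = "ketanmehta@ketanchemicals.com"
    msg["To"] = "victim@example.invalid"  # assumed recipient
    msg["Subject"] = "SIGNED INVOICE"
    msg.set_content("Please find the signed invoice attached.\n"
                    "https://drive.google.com/uc?export=download&id=1kOY5_Vo11zm_999-ULdk-xGEozO-Fbvx\n")
    # Placeholder: RAR 4 signature plus padding, NOT the real archive.
    fake_rar = RAR_MAGIC[0] + b"\x00" * 32
    msg.add_attachment(fake_rar, maintype="application", subtype="x-rar", filename="INVOICE.r00")
    return bytes(msg)


def triage(raw: bytes) -> list:
    """Run the checks and return a list of (check, detail) findings."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    received = [str(h) for h in (msg.get_all("Received") or [])]

    # 1. Sending IP in any Received hop vs. the IP reported for this campaign.
    for hop in received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if m and m.group(1) in KNOWN_SENDER_IPS:
            findings.append(("known_sender_ip", m.group(1)))
            break

    # 2. HELO name vs. From domain: context for the analyst, not proof of malice.
    from_domain = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    helo = re.match(r"from\s+(\S+)", received[0]) if received else None
    if helo and from_domain and not helo.group(1).lower().endswith(from_domain):
        findings.append(("helo_from_mismatch", f"{helo.group(1)} vs {from_domain}"))

    # 3. Cloud-hosted payload staging URL in the body text.
    body = msg.get_body(preferencelist=("plain",))
    for url in GDRIVE_DL_RE.findall(body.get_content() if body else ""):
        findings.append(("gdrive_direct_download", url))

    # 4. Attachments: split-archive name, RAR magic regardless of name, hash IOCs.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if SPLIT_ARCHIVE_RE.search(name):
            findings.append(("split_archive_extension", name))
        if data.startswith(RAR_MAGIC):
            findings.append(("rar_content", name))
        for algo, value in hash_bytes(data).items():
            if value in KNOWN_HASHES[algo]:
                findings.append(("known_hash", f"{algo}:{value}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(build_constructed_sample()):
        print(f"{check}: {detail}")
```

Because the attachment is a placeholder, `known_hash` only fires when the script is fed a real capture; the other checks show the pattern on the constructed input. The RAR-signature check is there because renaming `.rar` to `.r00` (or anything else) does not change the magic bytes, so content sniffing catches what a filename filter would not.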
Intelligence

File Origin
Number of uploads: 1
Number of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 10:36:49 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    r00 365cce5303a894ebe65ac92c7ca635fd006bd5bea8111dcde21a558845d94a36 (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments