MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39c622766784520ea675ef5b1610724c4553d89fe44935c2e445139112cf1622. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 39c622766784520ea675ef5b1610724c4553d89fe44935c2e445139112cf1622
SHA3-384 hash: 9bdd0e715adcb23d8f47d51aad484b82aa91aac35df605eb4ff8ec9cecc1075c88df7a2ce1c46b7650b5173f62296f6c
SHA1 hash: 927fdc7b7d1a054fa03690b84d158ea7487b3f29
MD5 hash: 84faeeab2f5bb825fc0486703541022a
humanhash: berlin-hotel-asparagus-skylark
File name: FR30005677.zip
Signature: GuLoader
File size: 31'628 bytes
First seen: 2020-05-27 18:24:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:/38s4Fa0RuFYZfv9H1h6Yn33tnJqM5l3Uv1BHVwIc/K:/MXRSYZfv96Yn39YOl3wB1gS
TLSH: 3EE2E1E28C8646787CA93BC41C2FB62965E8A3AB44FCDC414944A4E713D2BD837B911F
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: qproxy2.mail.unifiedlayer.com
Sending IP: 69.89.16.161
From: Administracion <info@fedizseguros.com>
Reply-To: info@fedizseguros.com
Subject: Factura..
Attachment: FR30005677.zip (contains "bevaringsplanen.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1XoQk8mADNQtEgoydawdu5u3kezf8-jKu

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 18:37:15 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 39c622766784520ea675ef5b1610724c4553d89fe44935c2e445139112cf1622 (this sample)

Dropping
GuLoader

Delivery method: Distributed via e-mail attachment
