MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b917726fde3a75775404358f91a72f112c34c5820542b5e1f5612bf8887c899. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 3b917726fde3a75775404358f91a72f112c34c5820542b5e1f5612bf8887c899
SHA3-384 hash: e44ce986914e0bd2366bd499d0df78db5839f6f7d115a6cc6f937e7fd04e5bada4c17ea4f23ce2722c43584caa59d550
SHA1 hash: 104e82fc98486fc5ac2987279d37edb4cdb6bfe0
MD5 hash: e908fb699b45847b06bfde7c73d1a37d
humanhash: beryllium-foxtrot-shade-robert
File name: PAYMENT.r00
Signature: GuLoader
File size: 25'291 bytes
First seen: 2020-05-21 15:34:49 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 384:EUYzWaDpuyvvP9c3S2agWME8L57RGh6aa6pvLQk8K6PUC7+VuaoXidPL2YsM6zz+:nY6aDpuy/iiIZ5ghJagvLRDuM0S
TLSH: E0B2E17D911F158FD3628A1022EB4DD59AB05BF635E87DD8450DAE0AD680043E525FF8
Reporter: abuse_ch
Tags: GuLoader r00


abuse_ch
Malspam distributing GuLoader:

HELO: 126.smtp32.hitspam.net
Sending IP: 103.118.158.126
From: info@maggiemedical.com
Subject: APOLOGY-DELAY IN PAYMENT
Attachment: PAYMENT.r00 (contains "PAYMENT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1GrriB-y0GHVNfy769A45ViwLOQEH4NEo

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-21 15:35:39 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  r00 3b917726fde3a75775404358f91a72f112c34c5820542b5e1f5612bf8887c899 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments