MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3daf76c16875f44f38ee0d07afc6023b3f5190840268e1f74adb53d8ad093f4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3daf76c16875f44f38ee0d07afc6023b3f5190840268e1f74adb53d8ad093f4d
SHA3-384 hash: 255f8668c150bbac62b4620511d6291d7f6252c69a6c1d3bba29be57f714f2960fa37b8eeb71b532a74923fcf7c6e82b
SHA1 hash: 9b9a9c4746bcccf1b6955916df70a7b328cd46d9
MD5 hash: baf39fa219c2bdd59e775c82353fd6b1
humanhash: march-mirror-apart-social
File name:ORDER 11024056.ARJ
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'885 bytes
First seen:2020-06-04 06:02:51 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 1536:IjFaolcSn/bluWXspRMzLbQCOASxGGle+iMknPp0naWJ+na:uaolc2DldXsLMHbQC4GGleCkOaW4na
TLSH 1D7312FC3A49A5FD755E1AEEFB15E628218D3FF1B7C8482AC9C2208DDC55102CB0A6D5
Reporter abuse_ch
Tags:arj GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ardeshir.r1host.com
Sending IP: 185.187.51.3
From: Devidas R <cherrysammy101@gmail.com>
Subject: GALFAR ENG.& CONTRACTING SAOG ORDER
Attachment: ORDER 11024056.ARJ (contains "HOUSEKEEPE.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1JB6-07Y-2ABgBQDUUS0Ohd85ph1XbBG5

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 08:04:38 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwxxnqliox2e6ohobud27rqchm7vdeeeajuod52k3nj5rlijh5gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 3daf76c16875f44f38ee0d07afc6023b3f5190840268e1f74adb53d8ad093f4d

(this sample)

GuLoader

Executable exe b28979b7f1556cd0bb27792860e5f1400b8e26deeab966c92c3bc7da97b4f8f7

  
URLhaus
https://urlhaus.abuse.ch/url/376188/
  
Dropping
MD5 cb4860573537266f57b9baebb12ba78c
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b28979b7f1556cd0bb27792860e5f1400b8e26deeab966c92c3bc7da97b4f8f7

Comments