MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47e68a3cfef9c1fdf089a895de4842eb635ce2ca180742789d445c2587d0bdcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 47e68a3cfef9c1fdf089a895de4842eb635ce2ca180742789d445c2587d0bdcd
SHA3-384 hash: e7642eb49596c0542decfa26ff604109d019fca94f9e54763f5462c3af86bcb7dfdf586a2b2ef9090c8c921dcd79d72c
SHA1 hash: a8365e275f2209378f8c3e75b48c118a837a370a
MD5 hash: f9a94ec7350ef8dae02f9cbb2f48f6c7
humanhash: connecticut-lithium-delta-may
File name: New Inquiry-39832-GNMX.rar
Signature: GuLoader
File size: 28'793 bytes
First seen: 2020-05-27 17:17:04 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:G6kBrD8y2qjGedsn9+/2h1GDv9JxBLalx8C:5kBrD8y1unis18v/WmC
TLSH: 5FD2D0260B9A6870DD759795369E0A67F6A856E3B16CF6FC033220FD1144EC88B4DA0B
Reporter: abuse_ch
Tags: GuLoader rar

abuse_ch
Malspam distributing GuLoader:

HELO: host.switchgroup-sd.com
Sending IP: 192.151.145.170
From: mohammed.alliadi@switchgroup-sd.com
Subject: New Inquiry
Attachment: New Inquiry-39832-GNMX.rar (contains "New Inquiry-39832-GNMX.exe")

GuLoader payload URL:
http://skinnybean.org//wp-admin/a1/007_WiwDCbZMN161.bin

Intelligence
File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 02:25:00 UTC
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    rar 47e68a3cfef9c1fdf089a895de4842eb635ce2ca180742789d445c2587d0bdcd (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments