MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48bdb92c1fb26ffd31ef8da72a1e9d2a04fbf0505112a5575f089f35091cd0b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 48bdb92c1fb26ffd31ef8da72a1e9d2a04fbf0505112a5575f089f35091cd0b1
SHA3-384 hash: 62ccc3c6b36c481b73e484319d7c3a7f06e8d0301277645c7bdc528bee96dc3c621caf4d22aa97cb6d2c4b6a91b9abf4
SHA1 hash: 5b34ccec4947b7f4db58092074675ad7c1ce83b2
MD5 hash: 55821fb5a193a8ed9e28d7274023c08e
humanhash: hotel-lemon-video-michigan
File name: Ashraf Sadaqa_PDF.ace
Signature: GuLoader
File size: 24'253 bytes
First seen: 2020-05-22 09:48:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:6J+DViLoOSFoWym8bFoMxQY/ZjgNj6ss6nI7peoZ/Lw2cbZkN2LZKeLFYIu9M5vX:60uyoNvW+ZUXnoooukb6udviUw3OUn
TLSH: C0B2E14E0AB6183F500D763BC3512B72B690DB40AC3076B22C51ADD96ADDF9A275486F
Reporter: abuse_ch
Tags: ace GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 37.49.230.26
From: asmahabsyi30@gmail.com
Subject: Fwd: Re:Re: QUOTATION Ashraf Sadaqa
Attachment: Ashraf Sadaqa_PDF.ace (contains "Ashraf Sadaqa.crdownload")

GuLoader payload URL:
https://hosseinsoltani.ir/bin_UQAoUX24.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-22 12:45:43 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
Sample: zip 48bdb92c1fb26ffd31ef8da72a1e9d2a04fbf0505112a5575f089f35091cd0b1 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
