MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913
SHA3-384 hash: e63bd4ee31ca75b817ce0d3c56dee1309c7c4ba9e909610651dd50e05b82e73bb5270f65aad2dff630d13087809c8e78
SHA1 hash: 6b876bffff5013ca737b29d7633d31ed7fe36c72
MD5 hash: 7fc1c06da2c2a4a44028e95ac0b4b098
humanhash: lamp-lima-black-cold
File name:Billing_Statement-162315070.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:51'507 bytes
First seen:2020-05-22 09:49:09 UTC
Last seen:2020-05-22 09:49:55 UTC
File type: rar
MIME type:application/x-rar
ssdeep 1536:PaGO1wXQegaMjjXwQvLdfqbyvLXSjLncC4G:SGCCQegPnnvLB1XSjQC4G
TLSH EA33F2E7079DDD51D3B1D40F589B7ADA0AB9A7C51FF89303AE8DD7380918AD20C49287
Reporter abuse_ch
Tags:GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mxserver22-out4.masterweb.com
Sending IP: 103.25.223.204
From: Total Credit Management Services Ltd. <inquiry@totalcredit.hk>
Subject: Billing_Statement-162315070; 162315090
Attachment: Billing_Statement-162315070.rar (contains "Billing_Statement-162315070.xlsx.exe")

GuLoader payload URL:
https://qif.ac.ke/komi_yUyfmoyRdV90.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27214.RarHeur.nocdb.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspected-exe-in-RAR.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 11:03:47 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
19 of 47 (40.43%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 5654a745ac155f705c8a41216bbfeff470514f9cfe2c063024caeeddc3cde913

(this sample)

GuLoader

Executable exe c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0

  
URLhaus
https://urlhaus.abuse.ch/url/365819/
  
Dropping
MD5 438e1a6a0b443e233277a1f575374241
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
  
Dropping
SHA256 ce86a2218eff30dae2862d460329e65b67d6828acc82ad220ec584f419c30599
  
Dropping
MD5 afefddd28e50144b56fd566596cc82ef

Comments