MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 568ff1a3297bfbc3a8b9fa4bf2d281f7173fd3797fa9a174dd6a080e447c426f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 568ff1a3297bfbc3a8b9fa4bf2d281f7173fd3797fa9a174dd6a080e447c426f
SHA3-384 hash: 68b823ceb05fa60db410b799f3659232902a3e7dee737c3b1221f00e5c4ff18d9f7f556b2d25adf8f10a19c0702d3c8d
SHA1 hash: 82a822899ecbb916570192d22ba5d3e4a18166ad
MD5 hash: 7f6f47e754dd1013de5a75237de17859
humanhash: triple-winner-maine-one
File name: P O 1105D.zip
Signature: GuLoader
File size: 60'920 bytes
First seen: 2020-05-28 07:35:22 UTC
Last seen: 2020-05-29 08:40:17 UTC
File type: zip
MIME type: application/zip
ssdeep: 1536:iJLf3gFM12FRkGsSVb8UcM3aYbQrZpefXu5awhMF:iJL/ge2Fit4QUp3aY8revZwhMF
TLSH: BE5302B59C51C05920E635B2112B0852A3EBA5928BB4345DEEA850BE3DCB53C17F3E7C
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mout-xforward.kundenserver.de
Sending IP: 82.165.159.9
From: info@ag-praevention.de
Subject: Re: New order 80636
Attachment: P O 1105D.zip (contains "P O 1105D.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin

Intelligence

File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 08:34:13 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 568ff1a3297bfbc3a8b9fa4bf2d281f7173fd3797fa9a174dd6a080e447c426f (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments