MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499
SHA3-384 hash: 261e1ae877011a5046304e71e3fd7b00290bf619515dae18697586cd8ec3cdfbab241e360b4cec368a1add1888a7a2b1
SHA1 hash: 09981f019fb35b9216577165471ab1e04d1fd30d
MD5 hash: 3ca0f81d598b3e10d7356531cbedbf48
humanhash: sierra-twelve-mountain-lamp
File name: PAYMENT INSTRUCTIONS COPY.gz
Signature: GuLoader
File size: 23'885 bytes
First seen: 2020-05-22 15:03:42 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:Rr0s/a0/vRH0sMltoUuu5unTa75gbv+s2BZuZrz2g+41I1Hn+JeprxwrnZzkG4hw:il+HglDuquUiGmZegb1IxwkONND
TLSH: D8B2F1FB5F18955CB1AF9A3F830450EDDA7DEB1234F52D598402C03428B9672775AE11
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: ss0109.hostingcare.net
Sending IP: 138.128.162.42
From: Faye Segal <info@drivus-industry.com>
Reply-To: ukcompany20@yahoo.com
Subject: RE: PAYMENT INSTRUCTIONS
Attachment: PAYMENT INSTRUCTIONS COPY.gz (contains "PAYMENT INSTRUCTIONS COPY.scr")

GuLoader payload URL:
http://creativewg.com/baby_zLlTwqAf177.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 15:35:48 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 30 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments