MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6351a55067bf397580b92dd9f98ecd1c68a5a4b1cb23e83ca69954d8ada4cd00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 6351a55067bf397580b92dd9f98ecd1c68a5a4b1cb23e83ca69954d8ada4cd00
SHA3-384 hash: f23910844b43441f7800491b9acc465c2a64c98add46c17a87b2de3f60cb7f6b74fdda3907b934b2394e9fe41ee9371b
SHA1 hash: 7f97eef4b5fe3afaeaa8679a720d2244f290fd73
MD5 hash: 835388bd3a3f3a1d5d5e8c7c0fa7f541
humanhash: georgia-johnny-two-lemon
File name: ADHOC RFQ-97571784.rar
Signature: GuLoader
File size: 24,669 bytes
First seen: 2020-05-20 14:38:21 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:9fX2DggAr8reF+1WVrF/uCj61RIgN18Ac3dtNe:lX28gAr8rPm9ljUNiDdW
TLSH: 95B2E14143F93DBE160843B9E3F3715E8D4CA40916E1683F510AA59325F66BE4BF5C1D
Reporter: abuse_ch
Tags: GuLoader, HSBC, rar


abuse_ch
Malspam distributing GuLoader:

HELO: 162-241-214-233.unifiedlayer.com
Sending IP: 162.241.214.233
From: HSBC Advising Service <manager@emexapparelcorp.community>
Subject: Payment Advice - Ref: [HSBC105702520] / Priority payment / Customer Ref:[PI1007057QT20]
Attachment: ADHOC RFQ-97571784.rar (contains "ADHOC RFQ-97571784.exe")

GuLoader payload URL:
http://www.mailserverservices.info/bin_WLVtNygBmy177.bin
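As an added example of how the indicators in this entry are used in mail triage (this is not MalwareBazaar's or abuse.ch's code): the script below parses a message, recovers the HELO name and sending IP from the Received header, checks the From display name against the sender domain, hashes each attachment with the same algorithms the entry lists (SHA256, SHA3-384, SHA1, MD5) and compares them with the entry's hashes, and flags archive attachments. The message is constructed to mirror the headers the reporter listed, and its attachment is a placeholder RAR signature rather than the real sample, so its hashes will not match the entry; the archive-extension list, the brand-domain table and the receiving host name are assumptions.

```python
"""Triage a suspected GuLoader malspam message against the IOCs published
in this MalwareBazaar entry. Added example; the message below is constructed
and the attachment is a placeholder RAR header, not the real sample."""
import email
import hashlib
import re
from email import policy

# Indicators copied from the MalwareBazaar entry (real values from the page).
PAGE_IOCS = {
    "sha256": {"6351a55067bf397580b92dd9f98ecd1c68a5a4b1cb23e83ca69954d8ada4cd00"},
    "sha3_384": {"f23910844b43441f7800491b9acc465c2a64c98add46c17a87b2de3f60cb7f6b74fdda3907b934b2394e9fe41ee9371b"},
    "sha1": {"7f97eef4b5fe3afaeaa8679a720d2244f290fd73"},
    "md5": {"835388bd3a3f3a1d5d5e8c7c0fa7f541"},
    "sending_ip": {"162.241.214.233"},
    "payload_url": {"http://www.mailserverservices.info/bin_WLVtNygBmy177.bin"},
}

# Assumptions for the heuristics, not taken from the page.
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".iso", ".img")
BRAND_DOMAINS = {"hsbc": ("hsbc.com", "hsbc.co.uk")}

# Constructed message mirroring the reporter's headers; mx.example.invalid
# is an assumed receiving host and the attachment is only "Rar!\x1a\x07\x00".
RAW_EML = b"""Received: from 162-241-214-233.unifiedlayer.com (162-241-214-233.unifiedlayer.com [162.241.214.233])
\tby mx.example.invalid with ESMTP id x; Wed, 20 May 2020 14:38:21 +0000
From: HSBC Advising Service <manager@emexapparelcorp.community>
To: victim@example.invalid
Subject: Payment Advice - Ref: [HSBC105702520] / Priority payment / Customer Ref:[PI1007057QT20]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find attached the payment advice.
--b1
Content-Type: application/x-rar; name="ADHOC RFQ-97571784.rar"
Content-Disposition: attachment; filename="ADHOC RFQ-97571784.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAA==
--b1--
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hash_bytes(data: bytes) -> dict:
    """Compute the hash set MalwareBazaar publishes for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def is_known_sample(hashes: dict, iocs: dict) -> bool:
    """True if any computed hash appears in the IOC set for that algorithm."""
    return any(hashes[alg] in iocs.get(alg, set()) for alg in hashes)


def parse_received(value: str):
    """Return (HELO name, connecting IP) from one unfolded Received header."""
    m = RECEIVED_RE.search(" ".join(value.split()))
    return (m.group(1), m.group(2)) if m else None


def triage(raw: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Return findings and per-attachment hashes for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, attachments = [], []

    # Sending host: the first Received header is the one our own MX wrote.
    for value in msg.get_all("Received", []):
        hop = parse_received(str(value))
        if hop and hop[1] in iocs["sending_ip"]:
            findings.append(f"sending IP {hop[1]} (HELO {hop[0]}) is a known malspam source")

    # Brand name in the display name but sender domain is not the brand's.
    sender = msg["From"].addresses[0]
    name, domain = sender.display_name, sender.domain.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"display name {name!r} names {brand.upper()} but sender domain is {domain}")

    # Known payload URL in the body text.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    findings.extend(f"known payload URL in body: {u}" for u in iocs["payload_url"] if u in text)

    # Attachments: archive container check plus hash lookup against the entry.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        hashes = hash_bytes(data)
        known = is_known_sample(hashes, iocs)
        if fname.lower().endswith(ARCHIVE_EXTS):
            findings.append(f"archive attachment {fname!r} ({len(data)} bytes) may wrap an executable")
        if known:
            findings.append(f"attachment {fname!r} matches a known sample hash")
        attachments.append({"name": fname, "hashes": hashes, "known": known})

    return {"findings": findings, "attachments": attachments}


if __name__ == "__main__":
    for line in triage(RAW_EML)["findings"]:
        print(line)
```

Run stand-alone it prints the sending-IP, display-name and archive findings for the constructed message; the hash check only fires when the real archive is fed in, which is the point of keeping the hash lookup separate from the header heuristics.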

Intelligence

File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 15:35:28 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar 6351a55067bf397580b92dd9f98ecd1c68a5a4b1cb23e83ca69954d8ada4cd00 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
