MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516
SHA3-384 hash: 07f9cac10d6d3158a28ac09b57c87194a47f0aefd525748a316fbc0bece04b0baef989433fba77a59e5151c08d6f5476
SHA1 hash: 35fea90be620cafb6c03df730db9eff5c62d17eb
MD5 hash: 785654c8b2517fcbe112bf04ce92f20e
humanhash: fillet-steak-angel-one
File name: NEW PURCHASE ORDER_22052020_pdf.arj
Signature: GuLoader
File size: 25'667 bytes
First seen: 2020-05-22 10:14:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:DivjcVAROl/pPmNThEwlZHRU0zaZqt2OJjc5XuQAC9AHLxgfwsaFcINgR7DPQmyU:GqEOl/8NThECHRU02ZEDEA/tF5NUHPL1
TLSH: 06B2E08D2CC1D790D636A936AEA82124C14DEEB02D8C52DF44F968E1C3CCBCE7929659
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: lbbakes@rabdos.co.za
Subject: RE: (Urgent) Vessel_5748- Arrest on court Order
Attachment: NEW PURCHASE ORDER_22052020_pdf.arj (contains "NEW PURCHASE ORDER_22052020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QHr-1JPHjLiZaEeJT-6RGU0abR7Nf5Wb

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Rdn
Status: Malicious
First seen: 2020-05-22 10:36:56 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments