MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a7530c0fa48f0783631d8eaf91718c577d8e73230f9ebc896dfd501ed061d3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 6a7530c0fa48f0783631d8eaf91718c577d8e73230f9ebc896dfd501ed061d3d
SHA3-384 hash: ad4670bf741a6f9c9458164b92dd98d2aff37f718de2d4ed13565d08a71decc45245cc52e1069626acc872be3fa94c48
SHA1 hash: 4662c73915f79e3126afb7f6eb9887cbad6a209a
MD5 hash: 73625f1fef6a5cc9aee2baee460d5ee7
humanhash: stream-apart-mockingbird-green
File name: Telet order.zip
Signature: GuLoader
File size: 31'467 bytes
First seen: 2020-05-27 16:46:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:UsW/TNj0XxrL6WZib7Pb41GMWZ/sxG1V4d6qVb:8eXx6WC78LhVb
TLSH: CDE2E0DC1CDC6CC5E84A8E74E84343DE84620D11E91B7B2E6A907279272395BBBAD707
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: server.neileshcorp.solutions
Sending IP: 162.241.215.144
From: Ali M <dinamikakarg@post.com>
Subject: Re: order specification
Attachment: Telet order.zip (contains "Telet order.exe")

GuLoader payload URL:
https://thedebagroup.com/binUG.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Frs
Status: Malicious
First seen: 2020-05-28 03:58:01 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    zip 6a7530c0fa48f0783631d8eaf91718c577d8e73230f9ebc896dfd501ed061d3d (this sample)
      Dropping: GuLoader
      Delivery method: Distributed via e-mail attachment

Comments