MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c6ed6e6e679225a12fd7b458f61d91c94a6f9670db00ec7a8c537e5b241acf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 6c6ed6e6e679225a12fd7b458f61d91c94a6f9670db00ec7a8c537e5b241acf8
SHA3-384 hash: 4792e4ed14bcb6f69e55ad7b348a6cd02479d4e8178a1e3aba9e588f3b310ff6d81e9ae26c013949b6244c240a0fab88
SHA1 hash: 4cf98ad8f5b8c7410d7d7c1762d8282f4d13e95f
MD5 hash: bfeb049266585e919e181d1ffdb47bc8
humanhash: stream-wyoming-table-blue
File name: KYOCERA.arj
Signature: GuLoader
File size: 24'679 bytes
First seen: 2020-05-22 09:45:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:IhKfITchoLsV2RhIsYzhydRelBMPO6voxRurkIFy9x36W2:ZfIXoV2As+WPFvEurkIFyGW2
TLSH: 93B2E041C26C06DE83F877DBBF1AB926050284657A9BC040071F60917E8B5A68663BFB
Reporter: abuse_ch
Tags: arj, GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: ext42.host.am
Sending IP: 213.136.82.91
From: Krishna financials LLC <info@kts-me.com>
Subject: MT103 Payment in USD flagged _blocked transaction for your reference
Attachment: KYOCERA.arj (contains "KYOCERA.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16pdtfZQsIuTKlvUWbPTFf7qt38rdyUVy

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-23 04:03:04 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  zip 6c6ed6e6e679225a12fd7b458f61d91c94a6f9670db00ec7a8c537e5b241acf8 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments