MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77c77146ed6edfa1cde2bb6bfcd835d38a3494b5e845e46adb03e6e9656dccc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: 77c77146ed6edfa1cde2bb6bfcd835d38a3494b5e845e46adb03e6e9656dccc5
SHA3-384 hash: 472eb32e5c32149db6fcd8553174cba85076dd0bdc68489e9d93c61aed08e023aa41c894e78932bc93dacc3dc032a6a1
SHA1 hash: 919dcb3664cd935c6dfb8987dc6599ba973495cf
MD5 hash: f29fb11f2d4b405614687a86be7ef9db
humanhash: lion-eleven-romeo-summer
File name: Rev-PO-090970656067-100-Order-SampleCompany-Specification.IMG
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-08 18:59:35 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:xCXtuRtS7uL45TTGeZriapWwzxu2HcCP6AyoaVB+68ta:xLS5WcV8K62TQ
TLSH: 00451C03FB064602E25959B354A27AB07B17682A04015B1E31EDADDF9BF4727BDEC38D
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: rizzy.us
Sending IP: 103.133.106.94
From: Bae <dragonsport@rizzy.us>
Subject: LEM : Rev-PO-090970656067-100-Order-Sample&Company-Specification
Attachment: Rev-PO-090970656067-100-Order-SampleCompany-Specification.IMG (contains "RFQ.exe")

GuLoader payload URL:
http://23.227.201.165/bin_ccEfcWDu31.bin
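The attachment on this entry is an ISO 9660 image (MIME type application/x-iso9660-image) carrying the real payload as a file inside it; Windows mounts such an image on double-click and presents the user with a plain RFQ.exe, which is why this container shows up so often in malspam. As an added example (not code from MalwareBazaar, abuse.ch, or this sample), the Python below parses the root directory of an ISO 9660 image, flags members that are PE executables by content (MZ header) or by .exe name, and hashes each hit so it can be looked up as an IOC. The image it runs on is constructed inline by a minimal builder (a stub MZ header stands in for RFQ.exe, plus a decoy "invoice" that is really an executable); none of it is the sample from this page.

```python
import hashlib

SECTOR = 2048  # ISO 9660 logical sector size


def _both_endian(value, size):
    """ISO 9660 stores most integers twice: little-endian, then big-endian."""
    return value.to_bytes(size, "little") + value.to_bytes(size, "big")


def _dir_record(ident, lba, size, is_dir):
    """Build one ISO 9660 directory record (ECMA-119, section 9.1)."""
    body = (bytes([0])                                  # ext. attribute record length
            + _both_endian(lba, 4)                      # location of extent
            + _both_endian(size, 4)                     # data length
            + bytes(7)                                  # recording date/time (zeroed)
            + bytes([0x02 if is_dir else 0x00, 0, 0])   # flags, unit size, gap
            + _both_endian(1, 2)                        # volume sequence number
            + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:
        body += b"\x00"                                 # keep record length even
    return bytes([len(body) + 1]) + body


def build_iso(files):
    """Construct a minimal single-directory ISO 9660 image for testing only:
    PVD at sector 16, set terminator at 17, root directory at 18, file extents
    from 19 onward. Real attachments come from the mail pipeline, not from here."""
    image = bytearray(SECTOR * 19)
    root_self = _dir_record(b"\x00", 18, SECTOR, True)
    records = root_self + _dir_record(b"\x01", 18, SECTOR, True)
    lba = 19
    for name, data in files.items():
        records += _dir_record(name, lba, len(data), False)
        padded = data + bytes(-len(data) % SECTOR)      # pad extent to a sector
        image += padded
        lba += len(padded) // SECTOR
    pvd = bytearray(SECTOR)
    pvd[0] = 1
    pvd[1:6] = b"CD001"
    pvd[6] = 1
    pvd[156:190] = root_self
    term = bytearray(SECTOR)
    term[0] = 255
    term[1:6] = b"CD001"
    term[6] = 1
    image[16 * SECTOR:17 * SECTOR] = pvd
    image[17 * SECTOR:18 * SECTOR] = term
    image[18 * SECTOR:19 * SECTOR] = records + bytes(SECTOR - len(records))
    return bytes(image)


def list_root_entries(image):
    """Parse the root directory of an ISO 9660 image.
    Returns (name, lba, size, is_dir) tuples; the '.' and '..' entries are skipped."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = pvd[156:190]
    root_lba = int.from_bytes(root[2:6], "little")
    root_len = int.from_bytes(root[10:14], "little")
    directory = image[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, pos = [], 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                    # zero length: rest of sector is padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        ident = rec[33:33 + rec[32]]
        if ident not in (b"\x00", b"\x01"):
            entries.append((ident.decode("ascii", "replace"),
                            int.from_bytes(rec[2:6], "little"),
                            int.from_bytes(rec[10:14], "little"),
                            bool(rec[25] & 0x02)))
        pos += rec_len
    return entries


def find_executables(image):
    """Flag root-directory files that are PE executables by content or by name,
    returning (name, reason, sha256). The header check catches a payload hidden
    behind a document-looking extension, which a name check alone would miss."""
    hits = []
    for name, lba, size, is_dir in list_root_entries(image):
        if is_dir:
            continue
        data = image[lba * SECTOR:lba * SECTOR + size]
        plain = name.split(";")[0]           # drop the ISO ";1" version suffix
        reasons = []
        if data[:2] == b"MZ":
            reasons.append("MZ header")
        if plain.upper().endswith(".EXE"):
            reasons.append(".exe name")
        if reasons:
            hits.append((plain, ", ".join(reasons), hashlib.sha256(data).hexdigest()))
    return hits


# Constructed sample image standing in for the attachment on this page. The
# "RFQ.EXE" member is only an MZ stub, not the real payload.
SAMPLE_FILES = {
    b"RFQ.EXE;1": b"MZ" + bytes(510),
    b"README.TXT;1": b"Please see attached order specification.\n",
    b"INVOICE.PDF;1": b"MZ" + bytes(62),   # executable disguised as a document
}
SAMPLE_IMAGE = build_iso(SAMPLE_FILES)

if __name__ == "__main__":
    for name, why, digest in find_executables(SAMPLE_IMAGE):
        print(f"{name}: {why} sha256={digest}")
```

The parser only walks the root directory of the primary volume descriptor and ignores Joliet and Rock Ridge extensions, which is enough for the single-file images seen in this kind of malspam; for a fuller inspection of an unknown image, mount it read-only in a sandbox or use a complete ISO library. The SHA256 of each flagged member is what you would submit to or look up in MalwareBazaar, since the hash of the outer .IMG container (the one listed on this entry) differs from that of the executable inside it.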

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 19:01:04 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 77c77146ed6edfa1cde2bb6bfcd835d38a3494b5e845e46adb03e6e9656dccc5 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
