MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79aa2da1836f97b7f4e58ab60e4306d79540aa4bc35e4aba822bfe0a1f587059. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 79aa2da1836f97b7f4e58ab60e4306d79540aa4bc35e4aba822bfe0a1f587059
SHA3-384 hash: 533b039d4777fee64d640ad6886eb0d4b89468ee9c223490869a9c332fcdbf938e19b51edd28066cc367f1ea27c02d0a
SHA1 hash: 13106326a1acf0cb783a43137f8a7acb2264b24a
MD5 hash: a1add8fac84adf0e652627414ecc9763
humanhash: moon-pluto-happy-diet
File name: Payment details.rar
Signature: GuLoader
File size: 27'368 bytes
First seen: 2020-05-25 13:24:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:VGOWah5tQxIKlFuB2+AdZdqL/bWCB90k0KxH4IQ:EqtKIiuB2+lLTBCByH8
TLSH: 6FC2F2B199E72380FC671B4A5F8A8D89AA8F7E1A847645CD0E8590CEDCC85F83CDD4C1
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: vps.aquawetsenterprises.com
Sending IP: 45.95.169.142
From: Accounts <info@aquawetsenterprises.com>
Subject: Re: Payment Details
Attachment: Payment details.rar (contains "Payment details.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=132aGbCFOLWMJa0jPqMcb_11GJdIV_N67

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 10:01:46 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar 79aa2da1836f97b7f4e58ab60e4306d79540aa4bc35e4aba822bfe0a1f587059 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments