MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 886121e269b62ee48580e67188589861acc64e48079182dd744f2bf5a62ed6f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	886121e269b62ee48580e67188589861acc64e48079182dd744f2bf5a62ed6f4
SHA3-384 hash:	c13ed1354301d86e4364cc811daa7477fc9962054cf9016735fb15a36924c086a5fc1220e49b81c86eef067581cd9a60
SHA1 hash:	fede522d51dd841812d6884051920e7aec843957
MD5 hash:	5e5ece23a958c7ef48446d92296fd36f
humanhash:	enemy-robin-orange-freddie
File name:	RFQ 20345.ARJ
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	27'969 bytes
First seen:	2020-05-26 13:38:16 UTC
Last seen:	Never
File type:	arj
MIME type:	application/x-rar
ssdeep	768:8HlxFI4NYCxbqeEAl+5+wOD/xuQqWLwBsy:8Hlxm4Nd4x3OTx9qWLuZ
TLSH	EDC2E1DD4E780A778715A7BA08EAB8DCF1B43B0451BF68A5F8166C49B1AD15231D2C0F
Reporter	abuse_ch
Tags:	arj GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: srv.ee.com.tr
Sending IP: 185.99.199.145
From: Eng. Ossama Ismael <xx@yy>
Subject: RFQ# 20345
Attachment: RFQ 20345.ARJ (contains "Alleviatio.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uGIRxU1Rh8xwS-O5w0Sq1ILPMWoUkKja

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-26 14:36:03 UTC

AV detection:

20 of 48 (41.67%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 886121e269b62ee48580e67188589861acc64e48079182dd744f2bf5a62ed6f4

(this sample)

GuLoader

exe 5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8

URLhaus

https://urlhaus.abuse.ch/url/369175/

Dropping

MD5 a257af6b9f676b3ff9f6dc9bdc493c2c

Dropping

GuLoader

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 5fbfcfd0538505c1cb82e54b55461e7542a403b676b36a2500734f89b32bf2c8

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample