MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db
SHA3-384 hash: 394e5e49846426cd797eab584e3b85523367b3f5e1a41945eae99531b18d3c77f4598cdb782017b1394f4e76a9a746df
SHA1 hash: 3159101e1ade151d1b30a4d56e38304679950afb
MD5 hash: 79717c60805b63e2ce8252b0b6e26bf7
humanhash: king-nevada-stairway-cat
File name: DOC22052020.img
Signature: GuLoader
File size: 147'456 bytes
First seen: 2020-05-22 10:02:59 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:qp1pd8/n28tp5VJruvkuaYQ8NLK1RAXc5jHMZcNR7vF6TM05uVCcpyVrolZHhyw2:55pfJavkT8/4jsZm65co2ZHhyF
TLSH: 0DE33B2A7A50F9A6C9204FF11D31CAD40667BD7019620B077ACE7F6D2F3394E9929393
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: pablo <info@100gbit-ethernet.net>
Reply-To: kodak3399@protonmail.com
Subject: RE: 02-REQUEST FOR - STOCK
Attachment: DOC22052020.img (contains "DOC22052020.exe")

GuLoader payload URL:
https://noirrealtysolution.com//are/bin_bwocAPbwD126.bin
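The report above describes the delivery technique: an ISO 9660 disk image (`.img`) attached to a mail, with the real payload (`DOC22052020.exe`) sitting inside the image where simple attachment filters do not look. The script below is an added example, not MalwareBazaar or abuse.ch code, of the first-pass triage a mail gateway or analyst could run: it reads the From/Reply-To headers quoted in the report, detects the ISO 9660 signature in the attachment, walks the root directory of the primary volume descriptor to list the file names inside, flags executable extensions, and compares the attachment's SHA256 with the hash of this entry. The mail body and the ISO image are constructed here (a minimal descriptor-plus-directory image with no file data) so it runs offline; only the primary volume descriptor's root directory is read, so Joliet or Rock Ridge names and subdirectories are out of scope.

```python
"""ISO 9660 (.img) mail attachment triage.

Added example, not MalwareBazaar or abuse.ch code. Headers come from the
report; the message body and the ISO image are constructed here.
"""
import email
import hashlib
import struct
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

SECTOR = 2048
# SHA256 of the sample in this entry; the constructed image will not match it
KNOWN_BAD = {"8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db"}
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".lnk", ".bat", ".cmd")


def _both(n, fmt):
    """ECMA-119 'both-byte-order' field: little-endian then big-endian."""
    return struct.pack("<" + fmt, n) + struct.pack(">" + fmt, n)


def dir_record(ident, lba, length, flags=0):
    """ISO 9660 directory record (ECMA-119 9.1), padded to an even length."""
    body = (b"\x00"                          # extended attribute record length
            + _both(lba, "I")                # extent location (LBA)
            + _both(length, "I")             # data length
            + b"\x00" * 7                    # recording date/time (unused here)
            + bytes([flags]) + b"\x00\x00"   # file flags, unit size, gap size
            + _both(1, "H")                  # volume sequence number
            + bytes([len(ident)]) + ident)   # identifier length and identifier
    rec = bytes([len(body) + 1]) + body
    return rec + b"\x00" if len(rec) % 2 else rec


def build_minimal_iso(filenames):
    """Constructed sample: PVD at sector 16, terminator at 17, root dir at 18."""
    root_lba = 18
    root = dir_record(b"\x00", root_lba, SECTOR, 2) + dir_record(b"\x01", root_lba, SECTOR, 2)
    for i, name in enumerate(filenames):
        root += dir_record((name + ";1").encode("ascii"), 19 + i, 0)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                  # type 1 = primary volume descriptor
    pvd[128:132] = _both(SECTOR, "H")                          # logical block size
    pvd[156:190] = dir_record(b"\x00", root_lba, SECTOR, 2)    # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1             # volume descriptor set terminator
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root.ljust(SECTOR, b"\x00")


def list_iso_root(data):
    """File identifiers in the root directory of the primary volume descriptor."""
    pvd = 16 * SECTOR
    if len(data) < pvd + SECTOR or data[pvd + 1:pvd + 6] != b"CD001":
        raise ValueError("not an ISO 9660 image")
    lba = struct.unpack_from("<I", data, pvd + 156 + 2)[0]
    length = struct.unpack_from("<I", data, pvd + 156 + 10)[0]
    block = data[lba * SECTOR:lba * SECTOR + length]
    names, pos = [], 0
    while pos < len(block):
        rlen = block[pos]
        if rlen == 0:                      # records never span sectors: skip padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        nlen = block[pos + 32]
        ident = block[pos + 33:pos + 33 + nlen]
        if ident not in (b"\x00", b"\x01"):   # skip "." and ".."
            names.append(ident.decode("ascii").split(";")[0])
        pos += rlen
    return names


def build_message(iso_bytes):
    """Constructed mail using the headers quoted in the report."""
    msg = EmailMessage()
    msg["From"] = "pablo <info@100gbit-ethernet.net>"
    msg["Reply-To"] = "kodak3399@protonmail.com"
    msg["Subject"] = "RE: 02-REQUEST FOR - STOCK"
    msg.set_content("Please see the attached request.")   # constructed body
    msg.add_attachment(iso_bytes, maintype="application",
                       subtype="x-iso9660-image", filename="DOC22052020.img")
    return msg.as_bytes()


def triage(raw):
    """Return a list of findings for the message; empty means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg["Reply-To"] or "")[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for part in msg.iter_attachments():
        name, data = part.get_filename() or "", part.get_payload(decode=True)
        digest = hashlib.sha256(data).hexdigest()
        if digest in KNOWN_BAD:
            findings.append(f"{name}: SHA256 {digest} matches a known sample")
        if data[16 * SECTOR + 1:16 * SECTOR + 6] == b"CD001":
            inner = list_iso_root(data)
            findings.append(f"{name}: ISO 9660 image containing {inner}")
            execs = [n for n in inner if n.lower().endswith(RISKY_EXT)]
            if execs:
                findings.append(f"{name}: image carries executable content {execs}")
    return findings


if __name__ == "__main__":
    for line in triage(build_message(build_minimal_iso(["DOC22052020.EXE"]))):
        print(line)
```

The signature check is done on the decoded attachment bytes rather than on the declared MIME type or extension, since both are attacker-controlled; a real gateway would also mount or fully parse the image and hash the extracted files, not just the container.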

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-22 10:37:01 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 48 (33.33%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  img 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
