MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a
SHA3-384 hash: b5fdd1877eb84800003c70a9ae02d0a27a801ea1290ed3f91a7f3eae30fca9f1c908ba352614e31fc29c64750bdee9df
SHA1 hash: 425058d5199e3ddda1de48a0720706def9c03ef5
MD5 hash: 8837617cab59ff9beef51dea993c94c7
humanhash: salami-oranges-mike-fix
File name: 215CE.r11
Signature: GuLoader
File size: 23'867 bytes
First seen: 2020-05-21 08:44:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:4aTgBpS/qP4N3wn+1x/sCiuqSVDwW2DpLTwRE2+pLXk1mZn5sfJbqJsoXKlZCma/:US/b5sCisVsW2DIIXk8LsfgT0Jw
TLSH: 3CB2E11D7C3BB284FA9FCC1F098B42BC252BF25808EC1B5BF186B85659B80E5C9430B4
Reporter: abuse_ch
Tags: GuLoader r11


abuse_ch
Malspam distributing GuLoader:

HELO: jingyuan.com
Sending IP: 31.168.40.90
From: Jason Wang <sales@jingyuan.com>
Subject: 採購訂單 ("Purchase Order")
Attachment: 215CE.r11 (contains "215CE.exe")

GuLoader payload URL:
http://class.britishonline.co/bin/bin_CxzruZVpeF159.bin

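The indicators in the report above (HELO name, sending IP, sender address, attachment name, and the SHA256 of the RAR) can be turned directly into a triage check over a raw e-mail. The following is an added example and not MalwareBazaar's or abuse.ch's code: the indicator values are quoted from this entry, while the message itself, the receiving host mx.example.net, the queue id and the attachment bytes are constructed for the demo. Besides matching the reported headers, it identifies the attachment as a RAR archive by its magic bytes rather than by extension, which is the point of shipping it as ".r11", an old-style RAR volume extension that extension-based attachment filters often let through, and hashes the attachment in the forms MalwareBazaar lists so the result can be compared with the entry.

```python
# Added example (not MalwareBazaar's or abuse.ch's code): turn the malspam
# indicators reported for this sample into a check over a raw e-mail. The
# indicator values come from the entry; the message, the receiving host
# (mx.example.net), the queue id and the attachment bytes are constructed.
import base64
import email
import email.utils
import hashlib
import re
from email import policy

# Indicators quoted from the MalwareBazaar entry.
IOC = {
    "helo": "jingyuan.com",
    "sending_ip": "31.168.40.90",
    "from": "sales@jingyuan.com",
    "attachment": "215CE.r11",
    "sha256": "8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a",
}

# RAR signatures (RAR 4.x and RAR 5.x). The sample was shipped as ".r11", an
# old-style RAR volume extension, so archives are identified by magic bytes,
# never by the file name.
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Pulls the HELO name and the connecting IP out of a Received header.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^)]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_rar(data: bytes) -> bool:
    return data.startswith(RAR_MAGIC)


def file_hashes(data: bytes) -> dict:
    """Hashes in the forms MalwareBazaar lists, for matching against an entry."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def triage(raw_message: bytes) -> dict:
    """Return indicator hits and per-attachment findings for one raw e-mail."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []

    # policy.default unfolds header values, so one regex covers folded lines.
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(received))
        if not m:
            continue
        helo, ip = m.group(1).lower(), m.group(2)
        if helo == IOC["helo"]:
            hits.append("HELO " + helo)
        if ip == IOC["sending_ip"]:
            hits.append("sending IP " + ip)

    sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    if sender == IOC["from"]:
        hits.append("sender " + sender)

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_content()
        if isinstance(data, str):  # text/* parts come back decoded
            data = data.encode("utf-8", "surrogateescape")
        hashes = file_hashes(data)
        attachments.append({
            "name": name,
            "rar": is_rar(data),
            # An archive whose extension does not say so: the ".r11" trick.
            "disguised_archive": is_rar(data) and not name.lower().endswith(".rar"),
            "known_sample": hashes["sha256"] == IOC["sha256"],
            "hashes": hashes,
        })
        if name == IOC["attachment"]:
            hits.append("attachment name " + name)

    return {"indicator_hits": hits, "attachments": attachments}


# Constructed stand-in for the attachment: a RAR 4.x signature plus padding.
# It is NOT the real sample, so its hashes will not match the entry.
FAKE_RAR = b"Rar!\x1a\x07\x00" + b"\x00" * 25

# Constructed message reproducing the reported delivery chain; only the
# HELO, IP, sender and attachment name are taken from the entry.
SAMPLE_EMAIL = (
    b"Received: from jingyuan.com (unknown [31.168.40.90])\r\n"
    b"\tby mx.example.net (Postfix) with ESMTP id 4C2mdd;"
    b" Thu, 21 May 2020 08:40:00 +0000\r\n"
    b"From: Jason Wang <sales@jingyuan.com>\r\n"
    b"To: accounts@example.net\r\n"
    b"Subject: Purchase Order\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Please see the attached order.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="215CE.r11"\r\n'
    b'Content-Disposition: attachment; filename="215CE.r11"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.b64encode(FAKE_RAR)
    + b"\r\n--b1--\r\n"
)
```

`triage(SAMPLE_EMAIL)` reports all four header and name indicators and flags the attachment as a RAR archive under a non-.rar extension; `known_sample` stays False because the constructed bytes are not the real file. In production the hash comparison would run against a feed of MalwareBazaar hashes rather than the single entry hard-coded here, and the magic-byte check is the part worth keeping even when the name indicators rotate.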
Intelligence


File Origin
Number of uploads: 1
Number of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 00:24:12 UTC
AV detection: 12 of 30 (40.00%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  GuLoader
    rar 8b947d8aced2397256fdb3c3f10806823d6d8635e1798f7e1a3e5749380ada9a (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
