MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d5c4ae3a918830c4851dde122ad9e36f5370802c4817b9a6fed2a993ddf5c93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d5c4ae3a918830c4851dde122ad9e36f5370802c4817b9a6fed2a993ddf5c93
SHA3-384 hash: 2ac4d146e024b07338630f94fc2b5b4bf009d129c2fc0aeddef54c24ee20a0b1b833689fd7f29a690d03a25b5aa00b07
SHA1 hash: 0f72f8fd3daf6927fe10bf9fd575aef0c3318f52
MD5 hash: 1ca4da7c17dd18cafce35e0c1da1d360
humanhash: fish-alanine-juliet-burger
File name:Attachments.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:47'840 bytes
First seen:2020-04-22 11:21:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:YdmypfqsHiKIj69gKjReFfGUWAvRhZz/26N3GNFQzp1eiKU7z3ek9qErV1/sfCGm:GBYsCKIOY+UWAvJz/2G1zp4iKU8E7/sE
TLSH BE23F180D5B8DB5E8F9E971F2678FF64F44D67F2648C1B198382C11E598AD0FC904AD1
Reporter abuse_ch
Tags:COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing GuLoader:

HELO: kctcintl.co.kr
Sending IP: 103.89.89.197
From: ''Sunyoung Song''<accounts@kctcintl.co.kr>
Subject: RE: (COVID-19) CI OF NEW ORDER---3013670
Attachment: Attachments.zip->088021ord_ # PO.zip->088021ord_ # PO.exe

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1wsQj0jlPPNRr9E4MJgsHcL4X4jRA1RKYur

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.47806.28665.26661.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 11:04:22 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rvoevy5jdcbqyscr3xqsflm6g32tocacysaxxgtp5uvjspo7lsjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8d5c4ae3a918830c4851dde122ad9e36f5370802c4817b9a6fed2a993ddf5c93

(this sample)

GuLoader

Executable exe 051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab

GuLoader

zip 0a11cb7af63cdcf08aaccc93606e0233c969aba3121c2f2cd2e41444924b9cce

  
URLhaus
https://urlhaus.abuse.ch/url/348125/
  
Dropping
MD5 9e0c9bf230280f50b6935cf06ec8e7d9
  
Dropping
SHA256 0a11cb7af63cdcf08aaccc93606e0233c969aba3121c2f2cd2e41444924b9cce
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0a11cb7af63cdcf08aaccc93606e0233c969aba3121c2f2cd2e41444924b9cce

Comments