MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91079edb69a32d2edfb8edc9650407ef699105628637413cf0a9c93f52809f8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 91079edb69a32d2edfb8edc9650407ef699105628637413cf0a9c93f52809f8b
SHA3-384 hash: 63c6022c608ab3bb6c9fae67ce9a94ac11665c352990d75497021a01f7b458eea1641a46cbb2d9e09323cedc5b1702bb
SHA1 hash: 197057011b50fbdb872ad4612febd031d6afa8f6
MD5 hash: f414bde3059825e9faaa3a668e66329e
humanhash: bravo-skylark-georgia-jersey
File name: inquire-E+S2_xlsx.gz
Signature: GuLoader
File size: 76'522 bytes
First seen: 2020-06-04 06:03:39 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:Ty77+XFUPIRmxafgiQS3RQlUYAZ7kVlwQmLekXlEvTzS1kfQc8gM:TE7+VUu2aYPShglqIVlwQm/QW6Qc8gM
TLSH: 617312E329DD255DEE333E04A06EDF80857815C3E53147B8D12ECB3B5C6CABA31609A1
Reporter: abuse_ch
Tags: GuLoader gz HostGator


abuse_ch
Malspam distributing GuLoader:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.168.15
From: Michelle-Lina (Ms) <michelle@xinyiglass.com>
Subject: XINYI ENERGY New inquire-E+S-20200603 and accessories
Attachment: inquire-E+S2_xlsx.gz (contains "inquire-E+S2_xlsx.exe")

GuLoader payload URL:
https://djmixers.co/kali_eJAiaBB84.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 03:57:05 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> gz 91079edb69a32d2edfb8edc9650407ef699105628637413cf0a9c93f52809f8b (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments