MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91a93a77d9ca5790abac5cc5b59e3dfa4c6f323ec09e277d770f20722c7f5b67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 91a93a77d9ca5790abac5cc5b59e3dfa4c6f323ec09e277d770f20722c7f5b67
SHA3-384 hash: 012d182660fcfd5f66e498427a9820c6370af62b4a189275b3d3a8e567ab298fde756cc4fe9374572c8d3defbf0240fc
SHA1 hash: 1dc6eb8bd4050d0080e85794391d990f4bc800ca
MD5 hash: 9e7da3094a87b45746b1706c68f0645a
humanhash: october-king-comet-finch
File name: Document.zip
Signature: GuLoader
File size: 32'905 bytes
First seen: 2020-06-09 11:53:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:REzaiMhacBb2xhzVVE5h95ZhsMZbl9ubyv3dtz3e:RztT2xh/kpZhsMBl9uk3dtzO
TLSH: C7E201A25CD49DB61261B3D177B1C5E728111989F286F69F230028E478EE66E1DE40CF
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.herwinservices.com
Sending IP: 45.95.169.26
From: "Herwinservices Inc" <info@herwinservices.com>
Subject: purchase price
Attachment: Document.zip (contains "Document.exe")

GuLoader payload URL:
https://redlink.cl//DetaCotizador/conect/DS.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-09 11:55:05 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
Dropping: GuLoader
Sample: zip 91a93a77d9ca5790abac5cc5b59e3dfa4c6f323ec09e277d770f20722c7f5b67 (this sample)

Comments