MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9616933ea2c75ca49afdd9e514c9888b15894f2fffb0723fffc0f4ccea44ac00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 9616933ea2c75ca49afdd9e514c9888b15894f2fffb0723fffc0f4ccea44ac00
SHA3-384 hash: 9001ae56fbc03a7743c95270b1c307999958774ab56e4c4e95c63d802f137702cd5837d8172661248db1bed871160155
SHA1 hash: 485ad8d66a28e95cac3651c39968eda0e061f6f2
MD5 hash: 2d80964e15fddf860fd622a3fb67d0d4
humanhash: pizza-maryland-zebra-angel
File name: Quotation Doc.zip
Signature: GuLoader
File size: 60'162 bytes
First seen: 2020-05-28 07:32:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Ye+uG2cskEGG1GCHw8l/UPlDK4etwRcjRdQ4/KnFoXCtngB9o/jYrWhB0nZ5Qdp5:YNu4oV1Gy/UPFR1CjR7ZXsn2908nQn
TLSH: 7043019EE610B8840874F7A1ABCF4D34B62C1D6B2216BD0BF6956D505EB682F1FC63C1
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mail.tancorp.id
Sending IP: 103.5.50.59
From: Marketing Voda <marketing@vodaindonesia.com>
Subject: Quotation.
Attachment: Quotation Doc.zip (contains "blgeslagenatterminalrekl.exe")

GuLoader payload URL:
https://mncarteam.com/wp-content/nigga_EyQiIznCHu176.bin
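
The chain in the reporter's note (a zip attachment carrying an .exe, sent from a HELO host that has nothing to do with the From domain) is exactly what a mail-gateway triage check looks for. The Python below is an added example, not MalwareBazaar's or abuse.ch's code. It builds a constructed stand-in for the attachment in memory (the member name follows the note; its bytes are a fake MZ stub, not the real sample), returns the digests MalwareBazaar indexes (MD5, SHA1, SHA256, SHA3-384) for a hash lookup, flags archive members that are executable by extension or by MZ magic, and flags the HELO/From domain mismatch. The domain check is a suffix heuristic assumed for this example, not a public-suffix-aware registrable-domain comparison.

```python
import hashlib
import io
import zipfile
from email.utils import parseaddr

# Extensions a mail gateway should treat as executable content inside an archive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd", ".js", ".vbs", ".wsf"}


def digest_set(data: bytes) -> dict:
    """Return the digests MalwareBazaar lists for a sample, ready for a hash lookup."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def archive_executables(zip_bytes: bytes) -> list:
    """Names of zip members that look executable, by extension or by an MZ header.

    Members are inspected in memory; nothing is written to disk. The MZ check
    also catches a PE renamed to something harmless-looking (e.g. 'quote.pdf').
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            with zf.open(info) as member:
                magic = member.read(2)
            if ext in EXECUTABLE_EXTENSIONS or magic == b"MZ":
                hits.append(info.filename)
    return hits


def sender_domain_mismatch(helo: str, from_header: str) -> bool:
    """True when the HELO hostname is not the From domain or a host beneath it.

    Heuristic assumed for this example: a legitimate MTA for example.com usually
    identifies as example.com or a subdomain of it. Not a public-suffix-aware check.
    """
    _, addr = parseaddr(from_header)
    from_domain = addr.rsplit("@", 1)[-1].lower()
    helo = helo.lower().rstrip(".")
    return not (helo == from_domain or helo.endswith("." + from_domain))


def triage_attachment(headers: dict, attachment_name: str, attachment_bytes: bytes) -> dict:
    """Combine the checks into one finding record for an inbound attachment."""
    findings = {
        "digests": digest_set(attachment_bytes),
        "executables": [],
        "flags": [],
    }
    if attachment_name.lower().endswith(".zip"):
        findings["executables"] = archive_executables(attachment_bytes)
        if findings["executables"]:
            findings["flags"].append("executable-in-archive")
    if sender_domain_mismatch(headers["HELO"], headers["From"]):
        findings["flags"].append("helo-from-domain-mismatch")
    return findings


def build_sample_attachment() -> bytes:
    """Constructed stand-in for 'Quotation Doc.zip': the member name follows the
    reporter's note, but the content is a fake 64-byte MZ stub, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("blgeslagenatterminalrekl.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


# Header values as given in the reporter's note for this malspam run.
SAMPLE_HEADERS = {
    "HELO": "mail.tancorp.id",
    "From": "Marketing Voda <marketing@vodaindonesia.com>",
    "Subject": "Quotation.",
}

if __name__ == "__main__":
    result = triage_attachment(SAMPLE_HEADERS, "Quotation Doc.zip", build_sample_attachment())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the constructed attachment, the record carries both flags ("executable-in-archive" and "helo-from-domain-mismatch") and the digest set you would submit to a MalwareBazaar hash query; on the real attachment the SHA256 would match the entry above.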

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:37:49 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Tags: Malspam, GuLoader
zip 9616933ea2c75ca49afdd9e514c9888b15894f2fffb0723fffc0f4ccea44ac00 (this sample)
  Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments