MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments 1

SHA256 hash:	98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e
SHA3-384 hash:	07bbd8dd06252778e78854aeca79f7d0ec6b5f486e53b8716662d0b70aadd8bc8ec20c8e436c78ce5a7a583f6f413c6e
SHA1 hash:	caa43cdfd1ec56602c66fbabaa0790bec1a0d41d
MD5 hash:	84ada40cf5dc6367db6d5c04f6f17ee6
humanhash:	fourteen-beer-black-nine
File name:	rechnung.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	126'976 bytes
First seen:	2020-05-26 10:11:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f5ac698f48a45ce084344ecdb29b016d (8 x GuLoader)
ssdeep	1536:saavG7nFO96nAr09M4QbXBy66kYMH32eZ6m2iOBHAMwPGtVD518MXTbI:yvG7nFO96ArQHZMX2MRsD5JT8
Threatray	153 similar samples on MalwareBazaar
TLSH	26C308337CACEE41E95C2FF10D73A95B29166C2066914F2B7A46FB1C66361D138E072D
Reporter	abuse_ch
Tags:	AZORult DEU exe geo GuLoader

abuse_ch

Malspam distributing GuLoader:

HELO: dd37126.kasserver.com
Sending IP: 85.13.153.207
From: bschaefer@schloss-willebadessen.de
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 26-05-20 Rechnung_20-613129926-001
Attachment: rechnung.zip (contains "rechnung.exe")

AZORult payload URL:
http://156.96.118.179/RSol.bin

AZORult C2:
http://infosales.duckdns.org/index.php