MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a71c0f86ef3b570a9d3429e4787bf32d79a1539a81d71788f84124cbcd07112c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: a71c0f86ef3b570a9d3429e4787bf32d79a1539a81d71788f84124cbcd07112c
SHA3-384 hash: 5d32e9a8cbe26b4c5db5029b188feadc3757e7f9911dc6ba132b3dcc4a078eb8cf9a537b2bfec5422c5ec12805fb3421
SHA1 hash: 104ccc5f2c975f7087d1f35dd9bed5fbc40883c0
MD5 hash: 1709452aaeebcc34e96b0b71fa9fc321
humanhash: robin-river-table-october
File name: Request Quotation.zip
Signature: GuLoader
File size: 25'897 bytes
First seen: 2020-05-21 08:47:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:DlkQk/CtMyTofgfhMz36mqrUfF+kFZZAUH5h:xkQSCkwY0UfvnBn
TLSH: 4DC2F109DAC12EEC2BFB42535F798E64F2C8C73270744598B4C9B6031EE4D71A596FA0
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: gmipt.com
Sending IP: 156.96.62.50
From: Purchasing GMI <purchasing@gmipt.com>
Reply-To: mhosek46@gmail.com
Subject: Request Quotation
Attachment: Request Quotation.zip (contains "Request Quotation.exe")

GuLoader payload URL:
http://anakleather.ir/som/ebuxxx_CmgdnGPQUo187.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 03:56:58 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> zip a71c0f86ef3b570a9d3429e4787bf32d79a1539a81d71788f84124cbcd07112c (this sample) -> Dropping -> GuLoader

Delivery method: Distributed via e-mail attachment
