MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a78061c8edeb1e8657489feeca0b7a04666a18af84a8b76e7c8f229ad1f82609. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: a78061c8edeb1e8657489feeca0b7a04666a18af84a8b76e7c8f229ad1f82609
SHA3-384 hash: 2f8bf802a0879c651e4d2e4bc5116856787782017e4655f3d10bdfbdaef4d3c6fa9adeaca34abc540ffa5935ded7e0d8
SHA1 hash: b1a8953543f4a89d899af5133348122fca4f34c5
MD5 hash: 6abf59a2a068a9a281de2554e3c01aff
humanhash: bacon-speaker-foxtrot-fourteen
File name: Order_67297791.tbz2
Signature: GuLoader
File size: 53'884 bytes
First seen: 2020-05-28 07:07:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:cPFv98hRF/gSL4USm81JqupgcYqBNBLu90bZbPXm4FfL:AJ9GRF/gSL4pBwuCcfBNM90bPXm6
TLSH: 13330218370762DBFA7A0403AC9A5B0C7C37ECBF31271069EF9692838BF5810D666695
Reporter: abuse_ch
Tags: GuLoader tbz2 Yahoo
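Note the mismatch in the fields above: the attachment is named Order_67297791.tbz2 (which should be a bzip2-compressed tar), yet MalwareBazaar identifies the bytes as a RAR archive (application/x-rar) carrying an .exe. Lures like this rely on the mail gateway trusting the extension. The Python example below is added here for illustration and is not code from MalwareBazaar or abuse.ch; it identifies the container from leading magic bytes, compares that with what the extension promises, and records the same hash types the entry lists (SHA256, SHA1, MD5). The sample byte strings in it are constructed stand-ins, so their hashes will not match the hashes of the real sample above.

```python
import hashlib
from pathlib import PurePosixPath

# Leading magic bytes for the container formats a mail gateway commonly sees.
# All of these sit at offset 0.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),   # RAR 5.x archive
    (b"Rar!\x1a\x07\x00", "rar"),       # RAR 1.5 - 4.x archive
    (b"BZh", "bzip2"),                  # bzip2 stream (what a real .tbz2 starts with)
    (b"\x1f\x8b", "gzip"),              # gzip stream (.gz / .tgz)
    (b"PK\x03\x04", "zip"),             # ZIP local file header
    (b"7z\xbc\xaf\x27\x1c", "7z"),      # 7-Zip archive
    (b"MZ", "pe"),                      # Windows PE executable (.exe / .dll / .scr)
]

# What each declared extension promises about the container.
EXT_TO_TYPE = {
    ".tbz2": "bzip2", ".tbz": "bzip2", ".bz2": "bzip2",
    ".tgz": "gzip", ".gz": "gzip",
    ".rar": "rar", ".zip": "zip", ".7z": "7z",
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
}


def identify(data: bytes) -> str:
    """Return the container type implied by the leading bytes, or 'unknown'."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"


def declared_type(filename: str) -> str:
    """Return the container type the file extension claims, or 'unknown'."""
    suffixes = PurePosixPath(filename.lower()).suffixes
    # For "foo.tar.bz2" the outermost container is the last suffix.
    ext = suffixes[-1] if suffixes else ""
    return EXT_TO_TYPE.get(ext, "unknown")


def check_attachment(filename: str, data: bytes) -> dict:
    """Triage one attachment: type from magic vs type from name, plus hashes."""
    actual = identify(data)
    declared = declared_type(filename)
    return {
        "filename": filename,
        "declared": declared,
        "actual": actual,
        # Only flag when the name makes a promise the bytes do not keep.
        "mismatch": declared != "unknown" and declared != actual,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


# Constructed test bytes (not the real sample): a RAR4 marker block padded with
# zeros, and a genuine-looking bzip2 stream header.
FAKE_RAR_BYTES = b"Rar!\x1a\x07\x00" + b"\x00" * 32
FAKE_TBZ2_BYTES = b"BZh91AY&SY" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("Order_67297791.tbz2", FAKE_RAR_BYTES),
                       ("Order_67297791.tbz2", FAKE_TBZ2_BYTES)]:
        result = check_attachment(name, blob)
        verdict = "MISMATCH" if result["mismatch"] else "ok"
        print(f"{name}: declared={result['declared']} actual={result['actual']} "
              f"-> {verdict} sha256={result['sha256']}")
```

Run on the real attachment, the first branch is the one that fires: the name declares bzip2 while the bytes are RAR. A gateway would then extract the archive (RAR extraction needs the unrar tool or the rarfile package, which are outside the standard library and so not shown here) and apply the same magic-byte check to each member, which is how the "MZ" entry above would catch the Order_67297791.exe inside.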


abuse_ch
Malspam distributing GuLoader:

HELO: sonic302-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.135.42
From: Кунградский содовый завод <lynn.fletcher60@yahoo.com>
Reply-To: Кунградский содовый завод <lynn.fletcher60@yahoo.com>
Subject: Re:
Attachment: Order_67297791.tbz2 (contains "Order_67297791.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%21147&authkey=AI_x4GZ2DJKnE7Q

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 07:37:53 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    GuLoader
        rar a78061c8edeb1e8657489feeca0b7a04666a18af84a8b76e7c8f229ad1f82609 (this sample)
            Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments