MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab2f87e2d93d1eba2a0053f661340a01eb6e1c5d1881abca1dd0225d4076eb10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: ab2f87e2d93d1eba2a0053f661340a01eb6e1c5d1881abca1dd0225d4076eb10
SHA3-384 hash: 158ba55a03e1abca0b69f71c39cf129f7b5fab0c21e80a55b568884bca47261fe393db201b02a82fc01576f5deda5beb
SHA1 hash: e8d37d77bb23e21cfb358bddd9e41777f41b0628
MD5 hash: 600b27b0d51c86695581e50b6fa8345a
humanhash: october-speaker-eighteen-magazine
File name: rechnung.zip
Signature: GuLoader
File size: 36'213 bytes
First seen: 2020-05-26 10:11:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:M+TAvW6mm6rzpUfGIMRNZ/N0bI/HTwIUgaLiTGDHLN1UUD:nWY9zi+ImxaYTt1KD
TLSH: 75F2F153E50900F932CAF37CD68D178604D1BCFB8D26CEE659E8024ED61AE09079E59F
Reporter: abuse_ch
Tags: AZORult DEU geo GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: dd37126.kasserver.com
Sending IP: 85.13.153.207
From: bschaefer@schloss-willebadessen.de
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 26-05-20 Rechnung_20-613129926-001
Attachment: rechnung.zip (contains "rechnung.exe")

AZORult payload URL:
http://156.96.118.179/RSol.bin

AZORult C2:
http://infosales.duckdns.org/index.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-26 10:36:52 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 30 of 48 (62.50%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: GuLoader
File type: zip
SHA256: ab2f87e2d93d1eba2a0053f661340a01eb6e1c5d1881abca1dd0225d4076eb10 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments