MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3c12c7a9d19a2615a745e3499803d1c3cf21c5d8f3b741ca93f6a0a978e8456. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2



SHA256 hash: b3c12c7a9d19a2615a745e3499803d1c3cf21c5d8f3b741ca93f6a0a978e8456
SHA3-384 hash: 677727d257b08e92d55d9cb34dfa23cb2fb1d8fc1016b77f431810e4192131415dd9f345f29ed1a2069c3d02a386500d
SHA1 hash: d5d5c8005a7fea95c863ad094408717ae5d099f2
MD5 hash: 646b4e54ceea9f4ca85f867f1ccfc6e6
humanhash: india-london-georgia-eleven
File name: PO32008 CT.gz
Signature: GuLoader
File size: 58'101 bytes
First seen: 2020-05-28 07:06:18 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 1536:XYLf0VFbgcIx8nv3/OrfrUVkZT30i+lLAl6g:8sVJn/kIkZT30iIhg
TLSH: A943F2F55DCA4790B0B12AEB1080AD1246339FBFFFD8F384983E89E7A749D675810661
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mx3-dti.idweb.host
Sending IP: 202.52.146.81
From: Poladata <poladat1@poladata.co.id>
Subject: RE: RE: PO32008 CT
Attachment: PO32008 CT.gz (contains "gunzipped")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:37:57 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz b3c12c7a9d19a2615a745e3499803d1c3cf21c5d8f3b741ca93f6a0a978e8456 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
