MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb17c690cc4044e159a01418d7a5fdbceda7f2ce3bba630cd5ec2e05e00d4e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: bbb17c690cc4044e159a01418d7a5fdbceda7f2ce3bba630cd5ec2e05e00d4e1
SHA3-384 hash: 7f69035da9dda66f43b3d966202dd543cb9cee2ec0c00561770b7b987e1c88092f0fc961d29a53915ec428f6d28a3494
SHA1 hash: a37c503a2356688b13930ad3e72e83dfb834febc
MD5 hash: 33faa4d72e2ab3725b827576729e9ad8
humanhash: nitrogen-romeo-michigan-ten
File name: Swift Copy 05202020.zip
Signature: GuLoader
File size: 28'102 bytes
First seen: 2020-05-21 08:37:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:nAWaou1Yxq7cLy4cEpgii7wESgri6l4xi:BuqKcLyXmgi09l4E
TLSH: 1AC2F1E1446E72609CCBE8FCCCD1FA1850B5231E889CFE9C7AD9D84152BF81FB15A941
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: alojamiento1.gestiondecuentas.net
Sending IP: 185.73.178.91
From: contacto@mesonjulian.com
Subject: Fwd: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: Swift Copy 05202020.zip (contains "Swift Copy #05202020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1whdZ1US-nWsLYqOZjaaHIx0ywlNSaqly

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 09:36:41 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip bbb17c690cc4044e159a01418d7a5fdbceda7f2ce3bba630cd5ec2e05e00d4e1 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
