MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be0e214b44517652bc0068f9ea3d78e8b03994484b40dfe294f5a81acaaf9b5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: be0e214b44517652bc0068f9ea3d78e8b03994484b40dfe294f5a81acaaf9b5f
SHA3-384 hash: 2f4f4a1ff527e7b3226bd48c5b388ffd5a4f694461d0701fcbbf6af1f9b05d5b54437fe2ee80c42b8ad634b5ee8b6206
SHA1 hash: e3b610e6a5f1fdba77161db4aa408e5ccfb828bf
MD5 hash: 66ad74f9a769d4c96b9b8882834a82da
humanhash: venus-jig-india-king
File name: attachments.zip
Signature: GuLoader
File size: 75'827 bytes
First seen: 2020-06-04 06:03:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:vvaF/LsONjynCUGDGpi61ptPGLMQO7Hrxh6mmtYgrIguu:vvy/hjynZGqDtuLMHLxh6/TrIpu
TLSH: DA73025BF40F97F1D186422332A136A5296491DB58300A10EC05BBBFFF5EFEA9D211E6
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: accounts.ds <wiz2018@bk.ru>
Subject: Fw: Latest Company Memo / Circular 2020
Attachment: attachments.zip (contains "IMG_Memo _ Circular.exe")

GuLoader payload URL:
https://tehrimfatimaassociates.com/wizzybin_hngHKTPpU108.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-06-03 21:48:40 UTC
AV detection: 4 of 47 (8.51%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, zip be0e214b44517652bc0068f9ea3d78e8b03994484b40dfe294f5a81acaaf9b5f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
