MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c693e27357c9f3c97663e24c3accf9f92c014f4d1ad3776e83f79a677c000e76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	c693e27357c9f3c97663e24c3accf9f92c014f4d1ad3776e83f79a677c000e76
SHA3-384 hash:	6f1556472f4ad87b81dacc715ffe1cb9b4b3a99ae65b5506daadbf623ba374d2167652ac7d339ce9266265ce72c15198
SHA1 hash:	b9f7265e0c1cda289f14597bb363de096e7ff1d5
MD5 hash:	26d06077d093b69cb95b0a3e47d58a0b
humanhash:	hydrogen-fourteen-zulu-mississippi
File name:	Purchase Order.zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	48'991 bytes
First seen:	2020-06-08 19:00:23 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	768:09NdqZl+H7ACIUwCsQAWRT8X7Bh6S5N97IxtM+KohtWlMXWkqCGWZpf9ip:09NYZy79pwCsAh8X7Bh6ST9kvXK2tWlp
TLSH	232302BAA93C0E4B9DA5C5F67B1C302587EE0257263FC1532E989C33975408DE249E0D
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: frf-ajf.ro
Sending IP: 89.45.174.241
From: FIFA Regulations Dept <Baumann.sonnenburg@dr.com>
Subject: RV: FACTURA
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

GuLoader payload URL:
https://rcmmanagement.com/fit/fit.bin