MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2
SHA3-384 hash: 7b52ad1f654fbd98257e92e652dfc457e0cf4888393dc937b0626f6ba2b5a8fc202d7eef04a249edc90c9a1465344745
SHA1 hash: cced7db8753aeef38f8f7197049bbed5cfb1dc29
MD5 hash: 07777e1e75edef92f55943add1ef7343
humanhash: yankee-island-sierra-eight
File name: Shipping advice.zip
Signature: GuLoader
File size: 24,221 bytes
First seen: 2020-05-22 09:55:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:/982XHdvAyNvZ/4WoSzCw7zY/yRAr4rbkpWf1TvyofAqZC4s2PF4QnqJHnGkuyvs:/dtlNxgWo70Y/yREGk0fQzqZC3gF5nqQ
TLSH: 8EB2E0347D2A9AD7A3C87B3F79F34236C8CE181A97DBD116AA374D8812C1A900F14676
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: smtp1.hiworks.co.kr
Sending IP: 121.254.168.204
From: Seon Won <triangle@cnilogis.com>
Subject: Fw: Shipping advice
Attachment: Shipping advice.zip (contains "Shipping advice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Zkp6lYWfhKKaXXb76nvfWKLHBqPmer7C
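The delivery chain described in the comment above (a ZIP attachment that carries an .exe behind a document-style name) is what a mail gateway or analyst triages first. The script below is an added example, not MalwareBazaar's or the reporter's code: it constructs a stand-in "Shipping advice.zip" in memory whose "Shipping advice.exe" member is a harmless 100-byte MZ/PE header skeleton, reports the same digests this entry lists (SHA256, SHA3-384, SHA1, MD5), lists the archive members, and records why the attachment would be flagged. The extension lists, the archive builder and all sample content are constructed for the example; the digests it prints are of the constructed archive, not of the sample on this page.

```python
"""Attachment triage for a malspam ZIP like the one in this entry (added example)."""
import hashlib
import io
import os
import zipfile

# File extensions Windows executes on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".dll", ".msi", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".lnk", ".ps1",
}
# Document extensions a lure name tends to borrow, e.g. "invoice.pdf.exe" (constructed list).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def digests(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def is_pe(head: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(head[0x3C:0x40], "little")
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_zip(data: bytes) -> dict:
    """Hash the archive, list its members and collect the reasons to flag it."""
    report = {"size": len(data), **digests(data), "members": [], "flags": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["flags"].append("not a zip archive")
        return report
    with zf:
        for info in zf.infolist():
            name = info.filename
            stem, ext = os.path.splitext(name.lower())
            report["members"].append({"name": name, "size": info.file_size, "ext": ext})
            if info.flag_bits & 0x1:  # password-protected member: content is opaque
                report["flags"].append(f"encrypted member: {name}")
                continue
            with zf.open(info) as fh:  # read only the head; never inflate a whole member
                head = fh.read(4096)
            if ext in EXECUTABLE_EXTENSIONS:
                report["flags"].append(f"executable member: {name}")
            if os.path.splitext(stem)[1] in DOCUMENT_EXTENSIONS:
                report["flags"].append(f"double extension: {name}")
            if is_pe(head) and ext not in EXECUTABLE_EXTENSIONS:
                report["flags"].append(f"PE content behind non-executable extension: {name}")
    return report


def pe_stub() -> bytes:
    """Harmless 100-byte MZ/PE header skeleton standing in for the real dropper (constructed)."""
    stub = bytearray(0x40)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> PE signature
    stub += b"PE\x00\x00" + bytes(0x20)
    return bytes(stub)


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP with a fixed timestamp so its digests are reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            info = zipfile.ZipInfo(name, date_time=(2020, 5, 22, 9, 55, 5))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, content)
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed stand-in for 'Shipping advice.zip' containing 'Shipping advice.exe'."""
    return build_zip({"Shipping advice.exe": pe_stub()})


if __name__ == "__main__":
    import json
    print(json.dumps(triage_zip(build_sample_attachment()), indent=2))
```

The member check reads only the first 4 KiB of each entry, so a decompression bomb or a large member does not get inflated, and an encrypted member is flagged rather than opened. The "executable member" flag alone is enough to quarantine an attachment like this one; the double-extension and header-mismatch flags catch the common variants where the lure renames the payload.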

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 10:37:16 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 24 of 46 (52.17%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (GuLoader)
  zip ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2 (this sample)
    Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
