MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6



SHA256 hash: db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5
SHA3-384 hash: 2516f341b063ac4028e6b85962e933ad73403a9de6a6e75ae861d883d6ce86ce18f7e1ce62332766b0a755c59b750ca8
SHA1 hash: a417a424060f87fa79496e62a50bc59942413a9c
MD5 hash: 46724abd8509c9b73c8b4156e5df9da8
humanhash: fix-jig-november-emma
File name: PEDIDO 1.rar
Signature: GuLoader
File size: 23'638 bytes
First seen: 2021-02-22 13:39:43 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:4NVk+Y0lzH6mjKsYBiwPMJguD8kGTPo9SA2jc87Pxevh1K+OjO:4k0rVBwPMQkGbvX5ep16C
TLSH: 42B2E1D96D00E50FB00AA57050CF00AE23D104D46BFAA35AA75F7ACC8DA943AFE704ED
Reporter: @abuse_ch
Tags: GuLoader rar


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: hosting.sietevoz.com
Sending IP: 89.39.51.222
From: Raúl Montenegro Parra <r.montenegro@sonepar.es>
Subject: PEDIDO 1
Attachment: PEDIDO 1.rar (contains "Muligheds.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1BCajiRx7Eb3aEQfR45eBviRxNQMQ93hS

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Downloader.Minix
Status: Malicious
First seen: 2021-02-22 13:40:07 UTC
AV detection: 3 of 48 (6.25%)

Threat level: 3/5
Threat name: Trojan
Score: 1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
    rar db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5 (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments