MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 File information Yara Comments

SHA256 hash:	db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5
SHA3-384 hash:	2516f341b063ac4028e6b85962e933ad73403a9de6a6e75ae861d883d6ce86ce18f7e1ce62332766b0a755c59b750ca8
SHA1 hash:	a417a424060f87fa79496e62a50bc59942413a9c
MD5 hash:	46724abd8509c9b73c8b4156e5df9da8
humanhash:	fix-jig-november-emma
File name:	PEDIDO 1.rar
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	23'638 bytes
First seen:	2021-02-22 13:39:43 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	384:4NVk+Y0lzH6mjKsYBiwPMJguD8kGTPo9SA2jc87Pxevh1K+OjO:4k0rVBwPMQkGbvX5ep16C
TLSH	42B2E1D96D00E50FB00AA57050CF00AE23D104D46BFAA35AA75F7ACC8DA943AFE704ED
Reporter	@abuse_ch
Tags:	GuLoader rar

@abuse_ch

Malspam distributing GuLoader:

HELO: hosting.sietevoz.com
Sending IP: 89.39.51.222
From: Raúl Montenegro Parra <r.montenegro@sonepar.es>
Subject: PEDIDO 1
Attachment: PEDIDO 1.rar (contains "Muligheds.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1BCajiRx7Eb3aEQfR45eBviRxNQMQ93hS

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

US

Mail intelligence

Geo location:

Global

Volume:

Low

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Heur.32404.16889.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5/

Threat name:

Win32.Downloader.Minix

Status:

Malicious

First seen:

2021-02-22 13:40:07 UTC

AV detection:

3 of 48 (6.25%)

Threat level

3/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/3oj5scf4ws2g3iwwsvg6eoels522ypjympofnkqr3i5eptbfqtsq._file

AV coverage:

1.67%

AV detections:

1 / 60

Link:

https://www.virustotal.com/gui/file/db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5/detection/f-db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5-1614003616

Threat name:

Trojan

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar db93d908bcb4b46da2d6954de2388b9775ac3d3863dc56aa11da3a47cc2584e5

(this sample)

exe 24e85ac996d35004ddc5768581a4c025c8620a5f42896d33c02f00c64d921e2f

Dropping

MD5 4aa8881d2d0103703bd7301616cd8caf

Dropping

GuLoader

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 24e85ac996d35004ddc5768581a4c025c8620a5f42896d33c02f00c64d921e2f

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample