MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e80f5738563b9b3e550e88501af16fc15692d9f3799dd31e07446a892e19ae9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: e80f5738563b9b3e550e88501af16fc15692d9f3799dd31e07446a892e19ae9f
SHA3-384 hash: 84aa168466eb61b67df11f40b2ed2d20202b294d55b9a48b27e0fc87743454a3524ed93d49382171a73a68903e2f8daa
SHA1 hash: c8f861f16acbf99a353cce5cdc690956e4fbf2f8
MD5 hash: f06efa3a49b9b47b120675eea8607f0b
humanhash: equal-single-sink-oranges
File name: PO001122.zip
Signature: GuLoader
File size: 59'477 bytes
First seen: 2020-05-28 07:33:49 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:45ukQVNY9/KE4wpg6rdKVsfjh+KtvVAP9w83DgRgbiz7Fhqy087f5uUhX:45uPNMKt0dsij3t949qRgbiXFLbfQUhX
TLSH: F4430236BA8D3AE82E345B0F75A04A2813341CFC4932A8E52351F971232DABE7565E74
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: vxsys-smtpclusterma-05.srv.cat
Sending IP: 46.16.61.66
From: info@continentaldd.com
Subject: FW: Shipping documents // CI # 2024000018 // PO # 001122
Attachment: PO001122.zip (contains "PO001122.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1YSoNLyxFzzXQ-EJ9H9Wy4slJA-x0tuLs

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:38:06 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
  -> GuLoader
  -> zip e80f5738563b9b3e550e88501af16fc15692d9f3799dd31e07446a892e19ae9f (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments