MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec9d54f625cef1085f641836f89030dce3e92738a93e69887d99ab954d9690be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Family: GuLoader

Vendor detections: 2



SHA256 hash: ec9d54f625cef1085f641836f89030dce3e92738a93e69887d99ab954d9690be
SHA3-384 hash: b97c2de3127a916d3c45fd83739e9da995fbd5d011c8799cde2bc22f4303126234de82d9fc1aba0686e7565414486a3e
SHA1 hash: 344499256497b9d90a9ee55c5010b890347f0324
MD5 hash: 5b34d3d16f9e80b547d7399ae61e212d
humanhash: september-monkey-india-dakota
File name: RFQPO700125210.r15
Signature: GuLoader
File size: 53'241 bytes
First seen: 2020-05-28 07:05:23 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:wPKAZ+fzi/leGfhwnd3BXxyTLwJlYSOJuac54QgSUSsWBDsJdrrctrdnq5eW:8Ks+f+rMxDyLCYwac54bUBGiNk
TLSH: 7D3302721F9DAA847A50823F734E9C7D850D6BD43615292FADA3930BF2ADDBC2E13405
Reporter: abuse_ch
Tags: GuLoader r15


abuse_ch
Malspam distributing GuLoader:

From: Qatalum Services LLC <info@qatalum.com>
Subject: Qatalum RFQ PO700125210 Supply
Attachment: RFQPO700125210.r15 (contains "RFQPO700125210.bat")

GuLoader payload URL:
http://www.mailserverservices.info/XAZ_XRrorYsrkF74.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 00:25:28 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: rar ec9d54f625cef1085f641836f89030dce3e92738a93e69887d99ab954d9690be (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments