MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef46452e79ed6ba4e72fdffad80d6733084a2fb984f35ce2df89356734d4a036. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: ef46452e79ed6ba4e72fdffad80d6733084a2fb984f35ce2df89356734d4a036
SHA3-384 hash: d4a38d0010a816369741901b9b38495ead0183c8874d8095d7f9f4c54ae13d43709b237bdd71022c25b3d56f57b66baf
SHA1 hash: 2b190ea7d622f319b8d043122464b1ce038ec12c
MD5 hash: cea2989f375f0aa3ac91062d892c083a
humanhash: network-juliet-butter-king
File name: Scan Docs_pdf.ace
Signature: GuLoader
File size: 53'237 bytes
First seen: 2020-05-28 07:32:38 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 768:Uk4KnpjeWaU3tX3iSs06FomEV7LRxPvLxhyQaV152niVLZcgnudW0QhkJ8qjXhXA:EiC1U1OSme7L/VhyQWenI0QuGqPvj3s
TLSH: 0C33F1CA934CCF0E5826CAB1F1AB593E6AC60B9D8D373B3D44C067AD136A55464637C4
Reporter: abuse_ch
Tags: ace, GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: Scan Docs_pdf.ace (contains "Scan Docs_pdf.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1SA4he85xIRkjUfb3FHCV-SwZ8OCkIZMu

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:38:10 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
ace ef46452e79ed6ba4e72fdffad80d6733084a2fb984f35ce2df89356734d4a036 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
