MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4520c9fbeb80e783cb3be637a21bcc8c94cd27107f3270c26922100b9ccc0fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: f4520c9fbeb80e783cb3be637a21bcc8c94cd27107f3270c26922100b9ccc0fb
SHA3-384 hash: 5203b18249ef9a2b566973a945817c9d8d307c58c52d2d9a7d94c3a1e8a896889cc6e9e7e650aa828db8ed781564a4ab
SHA1 hash: db272ddd8278f005334a82a640a0c8c1c713fe90
MD5 hash: 433ab32ac7fff218ce257bbce73b144a
humanhash: finch-louisiana-wolfram-tennessee
File name: RFQ MGB2345545 Product list.zip
Signature: GuLoader
File size: 29'928 bytes
First seen: 2020-05-25 13:22:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:AUnB+q5EY9npSqS/Kv4ca8gUeNKk/BDFy3DZpy1n+/1gZLGepsacqXRKNzXRMHXi:9nBRL9pSX8TaFOpaUkGedcUSjX
TLSH: 78D2E1013E97DCD689E3A823BBB81C97A18816967CF336A039B30841D54F59C69873DA
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 37.49.230.208
From: Siddhu <sales@gmail.com>
Reply-To: fortunatodaniel.johndeere@gmail.com
Subject: RE: RFQ MGB2345545 Product list
Attachment: RFQ MGB2345545 Product list.zip (contains "RFQ MGB2345545 Product list.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/tunned_Hgtctl247.bin

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 01:20:49 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip f4520c9fbeb80e783cb3be637a21bcc8c94cd27107f3270c26922100b9ccc0fb (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
