MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0119e714f6b46e4790dd3944850a5d3fa8b147e258389b17fd900406b9adb5ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0119e714f6b46e4790dd3944850a5d3fa8b147e258389b17fd900406b9adb5ca
SHA3-384 hash: 1b7ac0920c1584b5eeb0d80615dbe2c6d884c0d528a12498eeddcf384a318c9099f6556e079f73e7aa67d837190918b1
SHA1 hash: f7efbf8781ffd5372aba1ef6a165a10ba64a2e5b
MD5 hash: 340eb44b60732938b5451bd1fa610e5a
humanhash: magnesium-texas-friend-alpha
File name:Order2256215M_pdf.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:24'052 bytes
First seen:2020-05-22 15:03:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:KKtUZsGZwSxYJP6clNif1o5KG4buuwIvs1IO6ED2Gph44XBJFmtKJXcKIGG4tWm0:KK9G/xU6clK6KG9Yvs1tzU4XZmKMGsm0
TLSH 23B2E2B6366415F0690490F8CD341FBB48FBA91F2549AD59C3CF806579F3E59D700E61
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: qq.com
Sending IP: 183.3.255.184
From: Sales <reservations@ss-wq.com>
Reply-To: pay@sh-soa.com
Subject: New Order (Urgent)
Attachment: Order2256215M_pdf.zip (contains "Order#2256215M_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25190.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 15:35:43 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0119e714f6b46e4790dd3944850a5d3fa8b147e258389b17fd900406b9adb5ca

(this sample)

GuLoader

Executable exe ce13b6969219a3acc2cd23208f987f4a2f6779b6bd34bfc22c6f35946cf2fad7

  
Dropping
MD5 c81999ecbf702c3071b1a6abe3c6a1aa
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ce13b6969219a3acc2cd23208f987f4a2f6779b6bd34bfc22c6f35946cf2fad7

Comments