MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 048d584d488f137e855550b58b0edbc5ea1887c957ff93b2446aae4459d69290. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 048d584d488f137e855550b58b0edbc5ea1887c957ff93b2446aae4459d69290
SHA3-384 hash: 6fede5346e6d50b8efe354e64ce784b824c8e516924f57b1ba8f1cc2ef91f6075c73c907a6332bb45c523b010b4912f1
SHA1 hash: 1adaf6ffc030ed219aa1edef15a347d659227d2c
MD5 hash: b5fd7d96a9ceb5629a4653ea5fff3f7f
humanhash: early-pennsylvania-double-floor
File name:Invoice copy for payment.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:29'962 bytes
First seen:2020-05-27 18:27:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:ikMjWUj6BoQofxD446F4dHgDl171TmrrCApRMmB:UD6ke46KdAhbeGAB
TLSH F6D2E10EE1BA6877DE1121936814FD9C6CF7AB0E4EA12E6D10DE3FB65DA52401F0911A
Reporter abuse_ch
Tags:GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: delivery.mailspamprotection.com
Sending IP: 146.66.121.80
From: Ahmed Maybank <ahmed@inmosolucion.com.ec>
Subject: Re: Remittance Advice
Attachment: Invoice copy for payment.rar (contains "Invoice copy for payment.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ncnMmqeBxaqCAHQlTpwHS40RTJzSY5du

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:07 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 048d584d488f137e855550b58b0edbc5ea1887c957ff93b2446aae4459d69290

(this sample)

GuLoader

Executable exe 893033ccdb5795d90f5cad3d4e2121307a9f18b05f74c39970395a2f1a6a40ec

  
URLhaus
https://urlhaus.abuse.ch/url/369999/
  
Dropping
MD5 ee47c0c2197e0e632af3e656c42b9641
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 893033ccdb5795d90f5cad3d4e2121307a9f18b05f74c39970395a2f1a6a40ec

Comments