MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06c4c7adc57647640c146e7246f9408f8f14ff08ae2287014041d605532fe9e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	06c4c7adc57647640c146e7246f9408f8f14ff08ae2287014041d605532fe9e9
SHA3-384 hash:	c1020253597f1f97572920e3dadf8eb6cad3b9ccd3e3de60ee04bcb58097fe5c7013703f6866ec3c848efce447625d7b
SHA1 hash:	d4419677f074afb643a1d77763050a8fe22f794f
MD5 hash:	b1b7cec7289ed72e11b693fbaba31587
humanhash:	east-lactose-iowa-pennsylvania
File name:	PO8592505_pdf.zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	34'428 bytes
First seen:	2020-05-26 07:53:23 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	768:jzfbpK/unsA5qmuaYyK7fj5aIQO+mQWK7jqmh6AWuzo4YX:jzfE/usAIbapgfNaI9Qqm9o4K
TLSH	98F2E1A622F2805DC5A29DBFDFDF77EA171391B5AD406DAA50BAF01C04BE68D0CC6344
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: seed.net.tw
Sending IP: 139.175.54.24
From: info@alaskerparkers.co.uk
Subject: New PO.
Attachment: PO8592505_pdf.zip (contains "PO8592505_pdf.exe")

GuLoader payload URL:
https://weareupstream.com/n/bin_KiMXIY135.bin