MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09a997f08fcef74ab48723a3e22075e82be37c84fe48734b4322f0a20e3f1383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2



SHA256 hash: 09a997f08fcef74ab48723a3e22075e82be37c84fe48734b4322f0a20e3f1383
SHA3-384 hash: 64b277e69602f8356e9dd2536768f04d6b4d74737e9054b142ee0d17615d8234bd22bfddf6771c216fa163fba0e36dda
SHA1 hash: 74ffe71ee637af931cc7056fd820606814ec2140
MD5 hash: b15d91b8293a362f7dfbf160527963ee
humanhash: eight-vermont-sad-montana
File name: TESLA Purchase Order T260520.PDF.tar
Signature: GuLoader
File size: 31'367 bytes
First seen: 2020-05-26 07:51:25 UTC
Last seen: Never
File type: tar
MIME type: application/x-rar
ssdeep: 768:YwlgvAv5cbKA8f10skI8jLomJJlMBrm3CMv/mM:Ywl8Av5KkfusH8ImJJIm3Tv/mM
TLSH: 9BE2F1C4B5D687036E2E26DC68D3DEC66D8DB232F9D27C580C6056C4F90D29FEB0265A
Reporter: abuse_ch
Tags: GuLoader, tar


abuse_ch
Malspam distributing GuLoader:

HELO: jx5.csnns.com
Sending IP: 211.23.136.246
From: Jean Carlo Nadaiyazhagan <TESLA@ucfunction.com>
Subject: Fwd: TESLA Purchase Order T260520
Attachment: TESLA Purchase Order T260520.PDF.tar (contains "TESLA Purchase Order T260520.PDF.pif")

GuLoader payload URL:
http://rilathome.lv/wp-content/1FilesSharingLoky4_phhQiEWp230.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2020-05-26 08:36:38 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 30 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
tar 09a997f08fcef74ab48723a3e22075e82be37c84fe48734b4322f0a20e3f1383 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
