MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ba69f06bf10b41bff555e006d2ee71625d807e55aadf576c4a65b524dd93700. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 0ba69f06bf10b41bff555e006d2ee71625d807e55aadf576c4a65b524dd93700
SHA3-384 hash: c7694bbbd0d82fe9dd462e8f014e41f53d95e85d7826361add4cb5f26df807fcc62916ad8c099eb7a724b5d40942951e
SHA1 hash: 0b486ee95d704ab94170d3ccac87b7e2eb23f646
MD5 hash: f1a702fa3806c4f0801f3ac6a7fc2700
humanhash: don-fish-johnny-six
File name: Swift Copy 05272020 1.zip
Signature: GuLoader
File size: 33'311 bytes
First seen: 2020-05-27 17:38:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:lwjlx0s9pLFV0Jjg+VBI80ajtms0fBDdxvFTtdv3aW1:lQhus+V68060BfvFTT3z1
TLSH: D2E20125340719E91C98BAA044449070F6D5AFA5CDB281FAEE7E21ACA27CF434FD390B
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: kudinova@otis.kz
Subject: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: Swift Copy 05272020 1.zip (contains "Swift Copy #05272020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Xz0ePHLZIeLjaaJwRhSU_Zg1x33bcqXM

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-28 03:58:01 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Distributed via e-mail attachment (Malspam)
Malware family: GuLoader
Sample: zip 0ba69f06bf10b41bff555e006d2ee71625d807e55aadf576c4a65b524dd93700 (this sample)
Dropping: GuLoader

Comments