MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16f8c8c1f740fcb37b959d53a0299c1081235edbdb9bc2d0a680f8fd48f84e4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 16f8c8c1f740fcb37b959d53a0299c1081235edbdb9bc2d0a680f8fd48f84e4e
SHA3-384 hash: 42cc37d37995c825f087ac23a63a7b4814c363fdd93487d68717d6a85a53fe68ec2fea60e209616b32c92b7099152200
SHA1 hash: 2ec924790fe1981d64e3221b08b5b3511b8badd9
MD5 hash: e517df9ce47fecaf497bfca5762e264a
humanhash: carbon-charlie-lake-moon
File name: Requisition.zip
Signature: GuLoader
File size: 34'799 bytes
First seen: 2020-05-26 09:01:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:M+5OTRbXkqKP/VlbqAepXjhuRE92BSeu5u0rd/NS7bsoMxOTq:oHKP/VkNVS9cJBrDS7Y3xOTq
TLSH: A7F2E1183F756E07F834E261A7DB030A25AB01E16E693DFA246137C409DB179A6BF19C
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

From: 최한국/Choi, Han-guk<hgchoi@hls.co.kr>
Subject: FW: RE:URGENT!!! 견적 요청 New ship Building
Attachment: Requisition.zip (contains "Requisition.exe")

GuLoader payload URL:
https://cloudfiree.ga/mana.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 09:10:14 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 16f8c8c1f740fcb37b959d53a0299c1081235edbdb9bc2d0a680f8fd48f84e4e

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
