MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1872d9b0762a529a8fef7f22f8774291e460cc4f1f881b6d913c1e92f26abf72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1872d9b0762a529a8fef7f22f8774291e460cc4f1f881b6d913c1e92f26abf72
SHA3-384 hash: 093f2af330538d69aa2ac689ce7bc22e8e5bf8dde5e082d68de5e487213e890c379b1dae5b5d2dbd3b283e862750586d
SHA1 hash: 53601a1c0cad65d044125872bb6f0d035ea11d91
MD5 hash: e51778fd560e8077ed86a94a8cd3f964
humanhash: nebraska-idaho-undress-lactose
File name:specification and details for PO.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:24'353 bytes
First seen:2020-08-05 07:56:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:EweIvQw3ck7YADJshlz76Dficvm4Slp46OaCAR9V4oXuywQQrHn82pAQ9gLYIrgk:E63t7FChlz76D33S3vOaCET4oXUZ9gLn
TLSH 04B2F13D67C2E279657805380B742D77E3168F581E244B9B26F2380B84A06DB6BE7632
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: cpsc.hk
Sending IP: 156.96.44.186
From: Nkay<nkay@cpsc.hk>
Reply-To: bquinnlin@gmail.com
Subject: CFO CSPC Holdings Ltd Order Post Rev
Attachment: specification and details for PO.zip (contains "specification and details for PO.exe")

GuLoader payload URL:
http://anakleather.ir/henryyy_rpmyokHmtf43.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1872d9b0762a529a8fef7f22f8774291e460cc4f1f881b6d913c1e92f26abf72/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 07:58:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dbzntmdwfjjjvd7pp4rpq52cshsgbtcpd6ebw3mrhqpjf4tkx5za._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/1872d9b0762a529a8fef7f22f8774291e460cc4f1f881b6d913c1e92f26abf72

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 1872d9b0762a529a8fef7f22f8774291e460cc4f1f881b6d913c1e92f26abf72

(this sample)

GuLoader

Executable exe 121ae52814e12a816b25602c6db7ae2a86af12b1b11e9c06874b9b03c3c81e98

  
URLhaus
https://urlhaus.abuse.ch/url/424598/
  
Dropping
MD5 9a04058ddb610502c86c0bfa96573813
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 121ae52814e12a816b25602c6db7ae2a86af12b1b11e9c06874b9b03c3c81e98

Comments