MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18ba8827bd2f730a976dd60ef891f058059da676b2883f38bbb9feccc20bbd3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 18ba8827bd2f730a976dd60ef891f058059da676b2883f38bbb9feccc20bbd3f
SHA3-384 hash: 1cc4272819a865a9fdb7f0f9e84b34f63acc58baeea703756306a12a19abeacb392d060d09f17f060586ae3af2f6b214
SHA1 hash: bcf86127ac3a1e3cff70eb291957a616b749b2ea
MD5 hash: 79d6fc1935cbb5389251f2370dfb1d37
humanhash: undress-twenty-lake-lithium
File name:Transfer reference.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:42'036 bytes
First seen:2020-06-09 06:34:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:n5fs2fa+L06bOsilOqU+Gs3S6RUiFVQ4Z1AcV6OuqqIKQEHLFHvXj2U:K2HQyqrGGSi7FOC1AcUmKLHhHL2U
TLSH AD13F1C7A31E42F899DA0135FD8F8D6CBCD6514608ED02A139ACC593F9F878712897D6
Reporter abuse_ch
Tags:GuLoader gz SCB


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: coreit.mynewserver.com
Sending IP: 88.99.38.211
From: Standard Chartered Bank VN - Cash Management Operations <kelly.giotopoulou@theluxuryspot.gr>
Reply-To: Standard Chartered Bank VN - Cash Management Operations <Cash.Management@cjcasht.info>
Subject: SR-VN-20200604-P05536 PENDING OUTWARD REMITTANCE(S) - Attached Transaction reference - USD 1,533,572.41
Attachment: Transfer reference.gz (contains "Transfer reference.exe")

GuLoader payload URL:
https://octagongrinning.site/bryt1_vpzmnWwm20.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 02:03:27 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dc5iqj55f5zqvf3n2yhprepqlacz3jtwwked6of3xh7mzqqlxu7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 18ba8827bd2f730a976dd60ef891f058059da676b2883f38bbb9feccc20bbd3f

(this sample)

GuLoader

Executable exe c2a89ad45cb8155c18ddea788ecbc9ba9643ecd4e93e9711a736af4a52091632

  
URLhaus
https://urlhaus.abuse.ch/url/384275/
  
Dropping
MD5 03b2c69e12950d8dc8e75e10191ace9f
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c2a89ad45cb8155c18ddea788ecbc9ba9643ecd4e93e9711a736af4a52091632

Comments