MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19143707424dd43a27d915413ce2872df4cfb555b300c5134dacf48b073119e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 19143707424dd43a27d915413ce2872df4cfb555b300c5134dacf48b073119e9
SHA3-384 hash: 27c2bb266dfbe7a0153d650de5abdb7dcd00e2d4fd84d8adad99f2f7f0fb94a2af1d74624bc3a6619607a0474c8cd810
SHA1 hash: afadc231c79df28af3a24cde9439efe62252aec5
MD5 hash: d5da6181297d940a1c196cd926c163f2
humanhash: tennis-thirteen-sad-hamper
File name: SC_TR11670000.rar
Signature: GuLoader
File size: 28'905 bytes
First seen: 2020-05-27 12:58:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:uS7moSac4od9U5pwfC0Uabj9dRGRssBZmRMUtjS:xHScodcIxdRMsimR9g
TLSH: 09D2F1691998FF672844CA1D4DEACCDF72FE89CFA70C51E050989A23DCF4249A0BE409
Reporter: abuse_ch
Tags: GuLoader rar SCB


abuse_ch
Malspam distributing GuLoader:

HELO: server.gtrit.com.my
Sending IP: 103.18.246.122
From: Standard Chartered Bank<AdvicesMY@sc.com>
Subject: SUBJECT:Advice from Standard Chartered Bank
Attachment: SC_TR11670000.rar (contains "SC_TR11670000.exe")

GuLoader payload URL:
https://qif.ac.ke/flow_AoGPhiVz245.bin
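
The reporter's comment gives the delivery indicators (HELO, sending IP, From address, attachment name) and the payload URL, and the entry header lists four digests of the attachment. The following is an added example, not MalwareBazaar's code or the reporter's: it checks a file's digests against the entry, parses a message for the same delivery indicators, and matches URLs from proxy or sandbox logs against the payload host. The sample message, the receiving MX name mx.example.net, the queue id, the date and the 7-byte attachment body are constructed for the example; the two "heuristic" results (HELO/From domain mismatch, attachment bytes that really are a RAR archive) are generic checks added here, not indicators taken from the entry.

```python
# Added example, not MalwareBazaar's or the reporter's code: triage helpers built
# around the IOCs on this entry. Only the indicator values are copied from the page.
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Digests listed on the entry for SC_TR11670000.rar.
SAMPLE_HASHES = {
    "md5": "d5da6181297d940a1c196cd926c163f2",
    "sha1": "afadc231c79df28af3a24cde9439efe62252aec5",
    "sha256": "19143707424dd43a27d915413ce2872df4cfb555b300c5134dacf48b073119e9",
    "sha3_384": "27c2bb266dfbe7a0153d650de5abdb7dcd00e2d4fd84d8adad99f2f7f0fb94a2af1d74624bc3a6619607a0474c8cd810",
}
# Delivery indicators from the reporter's comment; sender and filename are lowercased.
MAIL_IOCS = {
    "helo": "server.gtrit.com.my",
    "sending_ip": "103.18.246.122",
    "from_addr": "advicesmy@sc.com",
    "attachment": "sc_tr11670000.rar",
    "payload_url": "https://qif.ac.ke/flow_AoGPhiVz245.bin",
}
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4 and RAR5 signatures
# "from <helo> (<rdns> [<ip>])" clause of a Received: header; the rDNS part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)", re.I)

def digest_all(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "sha3_384": hashlib.sha3_384(data).hexdigest()}

def matches_entry(data: bytes, entry: dict = SAMPLE_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    actual = digest_all(data)
    return all(actual[alg] == expected.lower() for alg, expected in entry.items())

def looks_like_rar(data: bytes) -> bool:
    """Check the archive signature instead of trusting the filename or MIME header."""
    return data.startswith(RAR_MAGIC)

def extract_indicators(raw_mail: str) -> dict:
    """Pull HELO, connecting IP, sender and attachments out of an RFC 5322 message."""
    msg = message_from_string(raw_mail)
    found = {"helo": None, "sending_ip": None, "from_addr": "", "attachments": []}
    # The topmost Received: header was added by the receiving MX, so its
    # "from" clause names the host that actually connected to us.
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    if m:
        found["helo"], found["sending_ip"] = m.group("helo").lower(), m.group("ip")
    found["from_addr"] = parseaddr(msg.get("From", ""))[1].lower()
    for part in msg.walk():
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""
            found["attachments"].append({"name": name, "is_rar": looks_like_rar(payload)})
    return found

def triage(raw_mail: str, iocs: dict = MAIL_IOCS) -> list:
    """Return the indicators a message matches, plus two generic heuristics."""
    ind = extract_indicators(raw_mail)
    hits = [k for k in ("helo", "sending_ip", "from_addr") if ind[k] == iocs[k]]
    if any(a["name"].lower() == iocs["attachment"] for a in ind["attachments"]):
        hits.append("attachment")
    # Heuristic, not an entry IOC: the From: domain (sc.com) and the relaying HELO
    # (gtrit.com.my) are unrelated, which is typical of brand-impersonating malspam.
    from_domain = ind["from_addr"].rsplit("@", 1)[-1]
    if ind["helo"] and from_domain and not ind["helo"].endswith(from_domain):
        hits.append("helo_from_domain_mismatch")
    # Heuristic: attachment bytes really are a RAR archive (the entry's MIME type).
    if any(a["is_rar"] for a in ind["attachments"]):
        hits.append("rar_attachment")
    return hits

def payload_hits(urls: list, iocs: dict = MAIL_IOCS) -> list:
    """Match URLs from proxy/sandbox logs against the payload URL and its host.
    GuLoader fetches this URL after execution; it is not in the e-mail itself."""
    host = urlsplit(iocs["payload_url"]).netloc
    return [u for u in urls if u == iocs["payload_url"] or urlsplit(u).netloc == host]

# Constructed message: headers mirror the reporter's comment; the MX name, queue id,
# date and the 7-byte attachment (just the RAR4 signature) are invented here.
SAMPLE_MAIL = """\
Received: from server.gtrit.com.my (server.gtrit.com.my [103.18.246.122])
\tby mx.example.net (Postfix) with ESMTP id 3F2A1B; Wed, 27 May 2020 12:40:01 +0000
From: Standard Chartered Bank <AdvicesMY@sc.com>
Subject: SUBJECT:Advice from Standard Chartered Bank
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-rar; name="SC_TR11670000.rar"
Content-Disposition: attachment; filename="SC_TR11670000.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAA==
--b1--
"""
```

`triage(SAMPLE_MAIL)` returns all four reporter indicators plus both heuristics for the constructed message. The hash check is deliberately all-or-nothing: a file that matches the MD5 but not the SHA256 is not this sample, and MD5 or SHA1 alone should never be used to confirm identity. The payload URL is kept separate because it only appears in network telemetry once the dropped executable runs.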

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 10:43:08 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar 19143707424dd43a27d915413ce2872df4cfb555b300c5134dacf48b073119e9 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments