MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a4afd6c222e7717387d741dc3832d6d165d0d4c48653597157afd14e5bc84a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 1a4afd6c222e7717387d741dc3832d6d165d0d4c48653597157afd14e5bc84a4
SHA3-384 hash: cfc76fdaca44663e25b31eb4e76fc06e43c603bd9546db032bc172e52637ace21eed9d1e7364647df698af3a5dc4c651
SHA1 hash: 60233ddfbfc117411235098a50b69c7a6b5a7c28
MD5 hash: 4000ad0741c0ed891167fcef10a0b9da
humanhash: pasta-connecticut-maryland-zulu
File name: Payment Advise.r00
Signature: GuLoader
File size: 22'061 bytes
First seen: 2020-05-12 16:33:58 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 384:0j7a276AH9TqbwtCPoM4J8qYSl1Y/ajRk+Z4penkbrBzBeWZ7+:dAltxJ/M/a1XZ4lrBFeWZS
TLSH: 0CA2E0444A8E41592F0AB71A516E3DC256CECD220F5D96B38FF9B598F0BBFA1C0C5784
Reporter: abuse_ch
Tags: GMX GuLoader r00


abuse_ch
Malspam distributing unidentified malware:

HELO: mout.kundenserver.de
Sending IP: 212.227.126.130
From: ketanmehta@ketanchemicals.com
Subject: APOLOGY-DELAY IN PAYMENT
Attachment: Payment Advise.r00 (contains "Payment Advise.exe")
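The attachment pattern in the report above (a `.r00` RAR volume, MIME type `application/x-rar`, wrapping an executable) is what a mail gateway has to catch, and it has to do so without trusting the extension and without extracting the payload. The Python script below is an added example and not part of the MalwareBazaar entry or the reporter's comment: it identifies the container by its magic bytes, walks the RAR 4.x block headers to list the contained file names, flags executable extensions, and refuses to guess when the headers themselves are encrypted. The archive it inspects is constructed inline (two stored entries, a four-byte dummy "Payment Advise.exe" that is not real code and a benign "readme.txt") and is not the sample listed on this page; the header layout follows the published RAR 4.x format, and all function names (`inspect_attachment`, `list_rar4_entries`, and so on) are the example's own.

```python
import struct
import zlib

RAR4_SIGNATURE = b"Rar!\x1a\x07\x00"
RAR5_SIGNATURE = b"Rar!\x1a\x07\x01\x00"
HEAD_MAIN, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
LONG_BLOCK = 0x8000     # ADD_SIZE field present (always set on file headers)
MHD_PASSWORD = 0x0080   # main header: all block headers are encrypted
FHD_PASSWORD = 0x0004   # file header: file data is encrypted, names still readable
FHD_LARGE = 0x0100      # 64-bit HIGH_PACK_SIZE / HIGH_UNP_SIZE follow ATTR
FHD_UNICODE = 0x0200    # name is ASCII form, NUL, then an encoded Unicode form
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".dll", ".msi", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk")


def sniff_archive(data: bytes) -> "str | None":
    """Container type from leading bytes; the attachment's extension (.r00, .pdf, ...) is ignored."""
    return "rar5" if data.startswith(RAR5_SIGNATURE) else "rar4" if data.startswith(RAR4_SIGNATURE) else None


def list_rar4_entries(data: bytes) -> "list[dict]":
    """Walk RAR 4.x block headers and list file entries; data blocks are skipped, never decompressed."""
    if not data.startswith(RAR4_SIGNATURE):
        raise ValueError("not a RAR 4.x archive")
    pos, entries = len(RAR4_SIGNATURE), []
    while pos + 7 <= len(data):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7 or pos + head_size > len(data) or (flags & LONG_BLOCK and head_size < 11):
            raise ValueError(f"bad or truncated block header at offset {pos}")
        # HEAD_CRC is the low 16 bits of CRC32 over HEAD_TYPE .. end of header
        if zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF != head_crc:
            raise ValueError(f"header CRC mismatch at offset {pos}")
        add_size = struct.unpack_from("<I", data, pos + 7)[0] if flags & LONG_BLOCK else 0
        if head_type == HEAD_MAIN and flags & MHD_PASSWORD:
            raise ValueError("encrypted headers: file names cannot be listed")
        if head_type == HEAD_END:
            break
        if head_type == HEAD_FILE:
            name_off = pos + 32 + (8 if flags & FHD_LARGE else 0)
            if pos + head_size < name_off:
                raise ValueError(f"file header too short at offset {pos}")
            pack_size, unp_size, _os, _crc, _time, _ver, method, name_size, _attr = \
                struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            if flags & FHD_LARGE:
                high_pack, high_unp = struct.unpack_from("<II", data, pos + 32)
                pack_size, unp_size = pack_size | high_pack << 32, unp_size | high_unp << 32
            if name_off + name_size > pos + head_size:
                raise ValueError(f"file name overruns header at offset {pos}")
            raw_name = data[name_off:name_off + name_size]
            if flags & FHD_UNICODE:
                raw_name = raw_name.split(b"\x00", 1)[0]        # keep the ASCII form
            entries.append({"name": raw_name.decode("cp437", errors="replace"),
                            "pack_size": pack_size, "unp_size": unp_size,
                            "method": method,                      # 0x30 stored, 0x31-0x35 compressed
                            "encrypted": bool(flags & FHD_PASSWORD)})
            add_size = pack_size                                   # jump over the payload bytes
        pos += head_size + add_size
    return entries


def flag_executables(entries: "list[dict]") -> "list[str]":
    """Names whose extension marks directly runnable content; case and trailing padding are ignored."""
    return [e["name"] for e in entries if e["name"].lower().rstrip().endswith(EXECUTABLE_EXTENSIONS)]


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Gateway-style verdict for one attachment: container by magic, listed names, flagged names."""
    report = {"filename": filename, "container": sniff_archive(data), "entries": [], "flagged": [], "error": None}
    if report["container"] == "rar4":
        try:
            report["entries"] = list_rar4_entries(data)
            report["flagged"] = flag_executables(report["entries"])
        except ValueError as exc:
            report["error"] = str(exc)
    elif report["container"] is not None:
        report["error"] = f"listing not implemented for {report['container']} in this example"
    return report


# Constructed sample archive: stands in for the reported .r00 attachment, it is NOT the real sample.
def _rar4_block(head_type: int, flags: int, payload: bytes) -> bytes:
    body = struct.pack("<BHH", head_type, flags, 7 + len(payload)) + payload
    return struct.pack("<H", zlib.crc32(body) & 0xFFFF) + body

def _rar4_stored_file(name: str, content: bytes) -> bytes:
    raw_name = name.encode("cp437")
    fields = struct.pack("<IIBIIBBHI", len(content), len(content), 2, zlib.crc32(content) & 0xFFFFFFFF,
                         0, 29, 0x30, len(raw_name), 0x20)   # sizes, Windows, CRC, time, v2.9, stored, attr
    return _rar4_block(HEAD_FILE, LONG_BLOCK, fields + raw_name) + content

def build_sample_archive(encrypted_headers: bool = False) -> bytes:
    """Two stored entries: a four-byte dummy 'Payment Advise.exe' (not real code) and a benign text file."""
    return (RAR4_SIGNATURE
            + _rar4_block(HEAD_MAIN, MHD_PASSWORD if encrypted_headers else 0, b"\x00" * 6)
            + _rar4_stored_file("Payment Advise.exe", b"MZ\x90\x00")
            + _rar4_stored_file("readme.txt", b"hello\n")
            + _rar4_block(HEAD_END, 0x4000, b""))


if __name__ == "__main__":
    verdict = inspect_attachment("Payment Advise.r00", build_sample_archive())
    print(verdict["container"], [e["name"] for e in verdict["entries"]], verdict["flagged"])
```

Run stand-alone, the script reports the container as `rar4`, lists both names and flags only `Payment Advise.exe`, regardless of the `.r00` name on the outside. Two caveats matter in practice: when the main header carries the encrypted-headers flag the listing is impossible and the attachment should be treated as unknown rather than clean, and a first volume of a split set can end in the middle of a data block, in which case the walk stops at the end of the buffer and returns only the entries whose headers it has already seen.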

Intelligence


File Origin
Uploads: 1
Downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:36:45 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
File type: r00
SHA256 hash: 1a4afd6c222e7717387d741dc3832d6d165d0d4c48653597157afd14e5bc84a4 (this sample)
