MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1acc43425559a4a92b0475c6b3b26e328903ed999bf837f7ed53d156e22cc580. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 1acc43425559a4a92b0475c6b3b26e328903ed999bf837f7ed53d156e22cc580
SHA3-384 hash: 861c0b81f118f49547ff699a8e8a52d271f451ad9730a86a062ac5fea70a20bf71e6cbd8910d537fdec2360dcaedab4f
SHA1 hash: 3b877ff358756783f150b69948aec45f64df7121
MD5 hash: 062a547c9e23c660281a5a3224a8aaeb
humanhash: summer-september-high-potato
File name: obrazac zahtjeva za preventivnu opreme.pdf.zip
Signature: GuLoader
File size: 36'086 bytes
First seen: 2020-06-02 11:37:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:x67jx/fmZjFrz9Q0ISUS9uLRHOWeTSj+zYUXCa64Ht6Eu5KQgL:x6puZJP/FgmfDzHt6F51gL
TLSH: C0F2F2B6BFB7B4141434CEEC6C1A731EB84B5F2011EFBF12D82556CB290586DC6AA0D6
Reporter: abuse_ch
Tags: COVID-19 geo GuLoader SRB zip


abuse_ch
Malspam distributing GuLoader:

HELO: cpanel.geoenergetika.serv.si
Sending IP: 195.144.26.50
From: Institut za zdravstvo Srbije <katarina.Vojvodic@covid19.rs>
Reply-To: katarina.Vojvodic@batut.org.rs
Subject: Distribucija zaštitne opreme Covid-19 (Ministarstvo zdravlja Srbije) Juna 2020
Attachment: obrazac zahtjeva za preventivnu opreme.pdf.zip (contains "obrazac zahtjeva za preventivnu opreme.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KdEvmXHD7G3-Kbvb12tzPSmLYcNY7cle

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 12:36:58 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 1acc43425559a4a92b0475c6b3b26e328903ed999bf837f7ed53d156e22cc580 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
