MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d08c4cf9a624062b448e14b7ebcef3e821b97caa9d3c451209253ee2380dc40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3



SHA256 hash: 1d08c4cf9a624062b448e14b7ebcef3e821b97caa9d3c451209253ee2380dc40
SHA3-384 hash: 613f38843637bd788929f1cf6f5a9ae2d18e85e4a7e255a4cf441b2f96d41c98318a8e9a8911bbd78a6c50c887be4e92
SHA1 hash: 9efa0bc357f1f703f8aed3574e4a84bdccebde0b
MD5 hash: 7d09a010801dd1e05fe3ac8185bf3937
humanhash: shade-finch-comet-december
File name: SQ0947845.gz
Signature: GuLoader
File size: 74'091 bytes
First seen: 2020-06-03 13:09:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:20ZjduRC4pziiIqAXLOvECnWI/8ZR+prnDvVelcxWjTSFyQjJ:7joI7EEC7/8SpTDNqcgHQ
TLSH: B373017DE821EA99F5E2F11B03B2A63BECC03286AF6714655372A436E5F720589005ED
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: coreit.mynewserver.com
Sending IP: 88.99.38.211
From: "Christina" <christina.ioannidou@theluxuryspot.gr>
Reply-To: "Christina" <tolentinomavi13@yahoo.com>
Subject: Inquiry // PO_0947845
Attachment: SQ0947845.gz (contains "SQ0947845.exe")

GuLoader payload URL:
https://rakamari.in/bryt1_ifwWn45.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 02:41:12 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 1d08c4cf9a624062b448e14b7ebcef3e821b97caa9d3c451209253ee2380dc40 (this sample)
Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments