MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dd61e13d2874faa5067bb0ea4ccf20de4a640ba8437378e18317275ff848819. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader

Vendor detections: 3

SHA256 hash: 1dd61e13d2874faa5067bb0ea4ccf20de4a640ba8437378e18317275ff848819
SHA3-384 hash: f1d54672d6b05ade3844c2e92e086d1974b52ee92558933998c181911076053815244fd6c3e2c4b53d747f115c0a3ba4
SHA1 hash: ccf894b7fb14a87d56c9a3025a3d816af0ca9892
MD5 hash: 234c0abb62f017f731ea6021f7e6321f
humanhash: lamp-beryllium-potato-shade
File name: PO ALMAHAPDF.ARJ
Signature GuLoader
File size: 74'620 bytes
First seen: 2020-06-03 13:28:55 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep 1536:ue0LTWGgOeMVHkKiR0XTXRqLC2ZqFz/OZwditkJMq6FLSTvJDdDM:10L/gI4R0XTBqrmOZwdsnMpdg
TLSH C37302545418B43B0EA3EFA30F6683F1C56EF5DE56D9845C8980DB428A7DC2C8E8B276
Reporter abuse_ch
Tags:arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: dns109225.phdns5.es
Sending IP: 185.68.109.225
From: Ali Hamood Al-Marhubi <cherrysammy101@gmail.com>
Subject: FIND ORDER FROM ALMAHA
Attachment: PO ALMAHAPDF.ARJ (contains "Heterosipho.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1JB6-07Y-2ABgBQDUUS0Ohd85ph1XbBG5
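
The attachment in the report above is an ARJ archive whose name advertises a PDF purchase order but which carries an executable, Heterosipho.exe. The following is an added example, not MalwareBazaar's or abuse.ch's code, of the triage step a mail gateway or analyst can run on such an attachment before anything is extracted: walk the ARJ header chain, verify each basic header's CRC-32, list the member names, and flag executables inside a document-themed archive. The header layout used (magic 0x60 0xEA, 2-byte basic header size with 0 as end marker, fixed fields, NUL-terminated name and comment, CRC-32 of the basic header, then a chain of extended headers terminated by a zero size) follows the published ARJ format. The sample archive, its member payload, the lure-word list and the executable-extension list are constructed here for illustration; the real sample is not used.

```python
# Added example: enumerate ARJ members without extracting them and flag
# executables in a "document" archive.  Not MalwareBazaar code; the sample
# archive built at the bottom is constructed for this example.
import os
import struct
import zlib

ARJ_MAGIC = b"\x60\xea"
# Constructed lists: member extensions that should never arrive inside a
# "PDF" purchase order, and words a lure attachment name tends to carry.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll"}
LURE_WORDS = ("pdf", "invoice", "order")


def _cstr(buf, pos):
    """Read a NUL-terminated byte string starting at pos."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end], end + 1


def parse_arj(data):
    """Walk the ARJ header chain and return one dict per member.

    Each header: 2-byte magic, 2-byte basic header size (0 = end of archive),
    the basic header (first_hdr_size fixed bytes, then NUL-terminated name and
    comment), a CRC-32 over the basic header, then extended headers (2-byte
    size each, 0 terminates).  The first header describes the archive itself;
    every later header is a member and is followed by its compressed data.
    """
    members, pos, is_main = [], 0, True
    while True:
        if len(data) < pos + 4 or data[pos:pos + 2] != ARJ_MAGIC:
            raise ValueError("no ARJ header magic at offset %d" % pos)
        basic_size = struct.unpack_from("<H", data, pos + 2)[0]
        if basic_size == 0:                       # end-of-archive marker
            break
        start = pos + 4
        basic = data[start:start + basic_size]
        stored_crc = struct.unpack_from("<I", data, start + basic_size)[0]
        if zlib.crc32(basic) != stored_crc:       # header integrity check
            raise ValueError("basic header CRC mismatch at offset %d" % pos)
        first_size, method, ftype = basic[0], basic[5], basic[6]
        comp_size, orig_size, file_crc = struct.unpack_from("<III", basic, 12)
        name, p = _cstr(basic, first_size)
        _comment, _ = _cstr(basic, p)
        pos = start + basic_size + 4
        while True:                               # skip extended headers
            ext_size = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            if ext_size == 0:
                break
            pos += ext_size + 4                   # ext header + its CRC
        if is_main:                               # archive header carries no data
            is_main = False
            continue
        payload = data[pos:pos + comp_size]
        pos += comp_size
        members.append({
            "name": name.decode("cp437", "replace"),
            "method": method,
            "file_type": ftype,
            "compressed_size": comp_size,
            "original_size": orig_size,
            # Only a stored member (method 0) can be CRC-checked without decompressing.
            "crc_ok": (zlib.crc32(payload) == file_crc) if method == 0 else None,
        })
    return members


def triage_attachment(filename, data):
    """Gateway-style verdict: executables inside the archive -> block;
    a document-themed name with no executable -> review; otherwise allow."""
    names = [m["name"] for m in parse_arj(data)]
    execs = [n for n in names if os.path.splitext(n.lower())[1] in EXECUTABLE_EXT]
    lure = any(w in filename.lower() for w in LURE_WORDS)
    verdict = "block" if execs else ("review" if lure else "allow")
    return {"members": names, "executables": execs, "verdict": verdict}


def _basic_header(fixed, name, comment=b""):
    basic = fixed + name + b"\x00" + comment + b"\x00"
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", zlib.crc32(basic)) + b"\x00\x00")  # no extended headers


def build_sample_arj(member_name, payload):
    """Constructed stand-in for the attachment: one stored (method 0) member."""
    # Archive header: 34 fixed bytes (first_hdr_size 34, version 11, min version 1,
    # host OS 0 = MS-DOS, flags 0, security version 2, file type 2 = archive header).
    main_fixed = struct.pack("<BBBBBBBB", 34, 11, 1, 0, 0, 2, 2, 0) + b"\x00" * 26
    # Member header: 30 fixed bytes, method 0 = stored, file type 0 = binary.
    file_fixed = (struct.pack("<BBBBBBBB", 30, 11, 1, 0, 0, 0, 0, 0)
                  + struct.pack("<IIII", 0, len(payload), len(payload), zlib.crc32(payload))
                  + struct.pack("<HHBB", 0, 0x20, 0, 0))
    member = _basic_header(file_fixed, member_name) + payload
    return _basic_header(main_fixed, b"SAMPLE.ARJ") + member + ARJ_MAGIC + b"\x00\x00"


if __name__ == "__main__":
    # Constructed archive: a fake MZ stub named like the reported member.
    sample = build_sample_arj(b"Heterosipho.exe", b"MZ" + b"\x00" * 30)
    print(triage_attachment("PO ALMAHAPDF.ARJ", sample))
```

The CRC check matters in practice: a truncated or tampered header raises instead of silently yielding an empty member list, so a gateway cannot be talked into an "allow" by a damaged archive that a lenient extractor would still open.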

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 13:37:21 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> arj 1dd61e13d2874faa5067bb0ea4ccf20de4a640ba8437378e18317275ff848819 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments