MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f8be56475ab19337da51d7da4b304611a8310f23f522df41a67c82f378ae08c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 1f8be56475ab19337da51d7da4b304611a8310f23f522df41a67c82f378ae08c
SHA3-384 hash: 8131fe4b1f452398af51c40e84e49fae44ab5fcd117bf1ee7ea58e5ec44447224044514a72bb34d8580fc57ad55c3493
SHA1 hash: 8bf106c08b2c68837fd030cfe03ea746e24ba273
MD5 hash: b7bf2f2266a36decb9630d15bb14bf8d
humanhash: triple-skylark-south-football
File name: PO_1174184.XLS.zip
Signature: GuLoader
File size: 30'506 bytes
First seen: 2020-05-26 07:34:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:D7Dpf9H9aEopJCwbo8ZZkFHibp2jKFGA4pqmx6h8NA2UDDLjdibL7jeYAtueAtUl:/D56mllFSeK8L7x6h8DU3sLRAlAtmISD
TLSH: FFD2E15D1DF700B843A74F60A7B1E911880D4E215F96E4A6FFE216E2D68F2C0D5E8DAC
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: icpgroup.com
Sending IP: 37.49.230.137
From: Purchase <jalvarez@icpgroup.com>
Subject: Purchase order: 1174184
Attachment: PO_1174184.XLS.zip (contains "PO_1174184.XLS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LrP3bbTBd3gWEFVsd55cSLffB_7w_1uW

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Dynamer
Status: Malicious
First seen: 2020-05-25 20:45:58 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 1f8be56475ab19337da51d7da4b304611a8310f23f522df41a67c82f378ae08c (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments