MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2309b6d2945783226fa5c9f61864cab4ec20f9a171ac0f3fc6eea5b704f16058. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 2309b6d2945783226fa5c9f61864cab4ec20f9a171ac0f3fc6eea5b704f16058
SHA3-384 hash: fe001a40253b31e0da60ee59822a43d512de569b97277e25ff4c0932948d009389a284fd936a8e6c5f585f5a8c2f5e4a
SHA1 hash: f7b6a0594fb924118d1889bc94107e694d591160
MD5 hash: 032cb6f862b528642c1599de9dfeea0a
humanhash: connecticut-winter-lima-winter
File name: Nl EU Purchase Order 100-211.zip
Signature: GuLoader
File size: 47'075 bytes
First seen: 2020-06-08 14:47:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:vK3dhW/w18ID/VyYCAwM/QdxbNHbUmLOkl6vFa+HoiqQqwR8WMtiEbwp:MhW/w7iAwM/QbJHbUmx6I+IifdWbRwp
TLSH: 4E2302B9AB0F8AEED35F372044B2768A431214578F4D8D9B0B733E5B5D40826187BFA1
Reporter: abuse_ch
Tags: CIC FRA geo GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: win-hpn82nuha6u
Sending IP: 116.203.107.188
From: BANQUE CIC NORD OUEST <nepasrepondre@cic.fr>
Subject: Payment copy
Attachment: Nl EU Purchase Order 100-211.zip (contains "Nl & EU Purchase Order 100-211.exe")

GuLoader payload URL:
http://185.141.27.137/ibbin/bin_tfDUQwQJa34.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 14:49:06 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 2309b6d2945783226fa5c9f61864cab4ec20f9a171ac0f3fc6eea5b704f16058 (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments