MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46
SHA1 hash: 8800c84003fe9b54ec21f4a79209c4638f312dd9
MD5 hash: 9bd08bbe4d3eab4df495d31ff9c6d240
File name: AMENDED P.O_images.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-23 11:51:45 UTC
Last seen: 2020-05-23 13:13:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 36a1a71e4497367a50bb2e59ccf610c1
ssdeep: 768:OgBdaWjps3LJPMS4YjUzNoo/1/jdSm/mO3SD9MZnTogl05rqSovD8OVo1sFk:nBdaIiWzNoxImSSD+XlWP1n
TLSH: 13931921B5D4EDE2FD310FB24E368B583177AC3018955A0378DABB1C793299AB626347
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter (@abuse_ch):
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Suzhou Liansheng Chemistry Co., Ltd.. <admin@mogioan.cf>
Subject: FWD: AMENDED P.O for Reference
Attachment: AMENDED P.O_images..rar (contains "AMENDED P.O_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1C4LbTAj2Iz0hof2dm2Oa8C6n_KeBmPrq

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 20
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.Hosts.47612.9836.32702.UNOFFICIAL
VirusTotal: 23.94%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: GuLoader
File type: Executable exe
SHA256: 2514cc0d95a79227b308e5834eb780ba105109fcc7fc02fc11ef3a03e61cac46 (this sample)
Delivery method: Distributed via e-mail attachment

Comments