MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28ea39f7708fc87b567a4fb75fbfe5198b8dca4116e405c074e26dcfd2d69f21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 28ea39f7708fc87b567a4fb75fbfe5198b8dca4116e405c074e26dcfd2d69f21
SHA3-384 hash: 028f76c1913e3ab66c48121639ea6fa8dbbd31c3971ca3caebdee01a11b36cc8d88e6528ab7393df09351a5250e08231
SHA1 hash: 19dc25226a95ca8af00984faf45827b7e95f5dba
MD5 hash: 31cdb69a08426824b1678058ec5b46fd
humanhash: equal-six-robert-missouri
File name: quotation.zip
Signature: GuLoader
File size: 47,009 bytes
First seen: 2020-06-08 12:14:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:72rzu/2MW0yOfP/+nfcYO5/7YTT/36c7F+s04J/LqpdUJ2ovOm59LsUiAPcK5PD:72r+bWqHsusPqs0YsqOUL/nD
TLSH: D8230255413B412CA395EC82A5365701C5E00682AD39FD9EC85C52EFDDCB2708FBBC9B
Reporter: abuse_ch
Tags: GuLoader, zip


abuse_ch
Malspam distributing GuLoader:

HELO: dd42314.kasserver.com
Sending IP: 85.13.157.240
From: balasus@aachtal-apotheke.de
Subject: Re: quotation/INV655
Attachment: quotation.zip (contains "quotation.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin
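
The report above gives four digests for quotation.zip and says the archive carries a quotation.exe. A practitioner who pulls the sample will want to confirm it is the same file and see what is inside without running it. The triage helper below is an added example written for this page, not MalwareBazaar's own tooling: it recomputes the MD5, SHA-1, SHA-256 and SHA3-384 digests listed in the entry, compares them against the recorded values, and lists the zip members, flagging anything with a Windows-executable extension or a PE `MZ` magic. The executable-extension list, the per-member size cap, and the `build_sample_zip()` stand-in (a constructed zip holding a fake `quotation.exe`, not the real attachment) are assumptions of the example, not data from the page.

```python
"""Triage a suspected malspam zip attachment against a MalwareBazaar entry.

Added example for this page; not MalwareBazaar code. Python 3.6+.
"""
import hashlib
import io
import zipfile

# Digests copied from the MalwareBazaar entry for quotation.zip, keyed by hashlib name.
KNOWN_HASHES = {
    "md5": "31cdb69a08426824b1678058ec5b46fd",
    "sha1": "19dc25226a95ca8af00984faf45827b7e95f5dba",
    "sha256": "28ea39f7708fc87b567a4fb75fbfe5198b8dca4116e405c074e26dcfd2d69f21",
    "sha3_384": "028f76c1913e3ab66c48121639ea6fa8dbbd31c3971ca3caebdee01a11b36cc8d88e6528ab7393df09351a5250e08231",
}

# Extensions Windows will run directly (assumed list for the example, not taken from the page).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".dll", ".bat", ".cmd", ".js", ".vbs")

# Largest member we are willing to open when peeking at the magic bytes (assumed cap; zip-bomb guard).
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the entry lists, computed over the raw attachment bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only when every listed digest matches; one mismatch means it is a different file."""
    return compute_hashes(data) == KNOWN_HASHES


def inspect_zip(data: bytes) -> list:
    """List archive members and flag executables by extension and by the PE 'MZ' magic.

    Encrypted members (password-protected malspam zips are common) are reported but not opened.
    """
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0 = traditional encryption
            magic = b""
            if not info.is_dir() and not encrypted and info.file_size <= MAX_MEMBER_BYTES:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            members.append({
                "name": info.filename,
                "size": info.file_size,
                "encrypted": encrypted,
                "exe_extension": info.filename.lower().endswith(EXECUTABLE_EXTS),
                "pe_magic": magic == b"MZ",
            })
    return members


def triage(data: bytes) -> dict:
    """Combine the hash comparison and the member listing into one verdict record."""
    members = inspect_zip(data)
    return {
        "hashes": compute_hashes(data),
        "known_sample": is_known_sample(data),
        "members": members,
        "suspicious": any(m["exe_extension"] or m["pe_magic"] for m in members),
    }


def build_sample_zip() -> bytes:
    """Constructed stand-in for quotation.zip: a fake quotation.exe that begins with 'MZ'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("quotation.exe", b"MZ" + b"\x90" * 62 + b"constructed, not a real PE")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage(build_sample_zip())
    print("matches MalwareBazaar entry:", result["known_sample"])
    for member in result["members"]:
        print(member)
    print("suspicious:", result["suspicious"])
```

Run it against the real download by replacing `build_sample_zip()` with the bytes of the file you fetched; `known_sample` should then be True and the listing should show a single `quotation.exe`. The constructed stand-in deliberately does not match the entry, which is the mismatch case the check exists to catch.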

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-08 12:16:05 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    zip 28ea39f7708fc87b567a4fb75fbfe5198b8dca4116e405c074e26dcfd2d69f21 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments