MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c7102315b23da707349fd8f2e781eb2eb201a960071410b1c9e3442c067e041. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 2c7102315b23da707349fd8f2e781eb2eb201a960071410b1c9e3442c067e041
SHA3-384 hash: e5198c12d84996db948dc865c18ba944897a0d579dfcb748ffa2b9ea893da2f4266330f9151abe4cfd6e403329431999
SHA1 hash: 2ea69d9619cc1d202a28e8c4405b0822652feb9e
MD5 hash: 61fa4c516f7ae56875b00d8ce86f7e1c
humanhash: romeo-potato-london-west
File name: NEW_ORDER_SPECIFICATIONS__CONTRACT_DOCUMENTS.r10
Signature: GuLoader
File size: 44'231 bytes
First seen: 2020-06-08 14:46:19 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:nZRKz/5/niKMHX3ypOltrT5N4iUNqTby8Ni0TjvM7X/mnS:Kz1niK2XCp6FTf4i1TAmzkX/Z
TLSH: BB13F11B6DF013415FCA718F1EAB2214DB9E58412768D9291867DFC43FE33ED1BAA120
Reporter: abuse_ch
Tags: GuLoader, r10


abuse_ch
Malspam distributing GuLoader:

HELO: globalsuppliers.com
Sending IP: 199.127.103.228
From: Purchasing Manager <sale5@globalsuppliers.com>
Subject: We request for Quotation for our attached order.
Attachment: NEW_ORDER_SPECIFICATIONS__CONTRACT_DOCUMENTS.r10 (contains "NEW_ORDER_SPECIFICATIONS_&_CONTRACT_DOCUMENTS.bat")

GuLoader payload URL:
https://onedrive.live.com/download?cid=8CA507BAA15FDB5C&resid=8CA507BAA15FDB5C%21183&authkey=ALMZ757neDQlM-c

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Dropper.Generic
Status: Suspicious
First seen: 2020-06-08 14:48:05 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 2c7102315b23da707349fd8f2e781eb2eb201a960071410b1c9e3442c067e041 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
