MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2def11c221bb4eba0550040a81e69565033cbbb4975a26936e42699188212e07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 2def11c221bb4eba0550040a81e69565033cbbb4975a26936e42699188212e07
SHA3-384 hash: d5f3c115358c40af297d5c72e340d339195856669844497ee352366a8dcf30824b7ba0322278fcf229e0519d4fc31870
SHA1 hash: d8eb408aa4cdb03dca1a57c1b7d1c307b6af73a7
MD5 hash: d3773b2f6e3e7bd69b65a10480467d6a
humanhash: magazine-social-fix-glucose
File name: Swift Copy 05262020.zip
Signature: GuLoader
File size: 30,842 bytes
First seen: 2020-05-26 15:28:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:lQloDYDlF6inBCwyV4O1uI1YNzRDam0bg:3DJ6BCcOkR+fg
TLSH: 8FD2F241E925F11D66788432978C628EE8876413C2FB32A21C4BF1131973D6F6B74BE7
Reporter: abuse_ch
Tags: GuLoader, zip
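Before working with a sample pulled from this entry, confirm that the bytes on disk are the file the entry describes, and look at what the archive contains without extracting or running anything. The script below is an added example, not MalwareBazaar tooling: it checks a file against the MD5, SHA1, SHA256 and SHA3-384 values listed above (ssdeep and TLSH need third-party libraries and are left out), lists the zip's members by reading only the central directory, and flags member names with executable extensions, which is how a "Swift Copy" zip carrying an .exe would show up. `make_zip` builds a constructed fixture for testing and has nothing to do with the real sample.

```python
"""Verify a downloaded sample against the hashes published in a MalwareBazaar
entry and list the archive's members without extracting them.
Added example, not MalwareBazaar code. The digests are copied from the entry
above; the sample bytes must be supplied by the reader (or constructed for tests).
"""
import hashlib
import io
import sys
import zipfile

# Digests as published in the MalwareBazaar entry above.
EXPECTED_HASHES = {
    "md5": "d3773b2f6e3e7bd69b65a10480467d6a",
    "sha1": "d8eb408aa4cdb03dca1a57c1b7d1c307b6af73a7",
    "sha256": "2def11c221bb4eba0550040a81e69565033cbbb4975a26936e42699188212e07",
    "sha3_384": "d5f3c115358c40af297d5c72e340d339195856669844497ee352366a8dcf30824b7ba0322278fcf229e0519d4fc31870",
}

# Extensions that have no business inside a mail attachment archive; loaders such as
# GuLoader are routinely wrapped in a zip precisely so the .exe gets past attachment filters.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".iso")


def compute_hashes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar publishes, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = EXPECTED_HASHES) -> dict:
    """Compare every expected digest and return {algorithm: matched}.
    All four must match; a single mismatch means this is not the file the entry describes."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def list_archive(data: bytes) -> list:
    """List member names, uncompressed sizes and an 'executable' flag.
    Only the central directory is read; nothing is decompressed or written to disk."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            members.append({
                "name": info.filename,
                "size": info.file_size,
                "executable": info.filename.lower().endswith(EXECUTABLE_EXTENSIONS),
            })
    return members


def triage(data: bytes, expected: dict = EXPECTED_HASHES) -> dict:
    """One-call summary: do the digests match the entry, and does the zip carry an executable?"""
    matches = verify_sample(data, expected)
    members = list_archive(data) if zipfile.is_zipfile(io.BytesIO(data)) else []
    return {
        "hashes_match": all(matches.values()),
        "hash_results": matches,
        "members": members,
        "carries_executable": any(m["executable"] for m in members),
    }


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}. Constructed test fixture only, never the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python triage.py <downloaded sample>
    with open(sys.argv[1], "rb") as fh:
        result = triage(fh.read())
    for algo, ok in result["hash_results"].items():
        print(f"{algo:9s} {'match' if ok else 'MISMATCH'}")
    for m in result["members"]:
        flag = "  <-- executable inside mail attachment" if m["executable"] else ""
        print(f"  {m['name']} ({m['size']} bytes){flag}")
```

Treat a hash mismatch as a hard stop: MalwareBazaar distributes samples inside password-protected archives, so feed the script the inner file, not the download wrapper, and do not extract anything the listing flags as executable outside an isolated analysis host.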


abuse_ch
Malspam distributing GuLoader:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: kudinova@otis.kz
Subject: payment advice/Quotation
Attachment: Swift Copy 05262020.zip (contains "Swift Copy #05262020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Gf_55MdLxRl8DVWnj82K3cd9rQa9b0bL
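The indicators in the report above are exactly what a mail gateway or SOC would turn into a retro-hunt: the HELO name and connecting IP in the Received header, the sender address, the subject, the attachment name, and the Google Drive direct-download URL the loader fetches its payload from. The script below is an added example, not part of the MalwareBazaar entry or of abuse_ch's report: it copies those indicator values, checks one RFC 5322 message against the mail-side indicators, and splits proxy log lines into exact hits on the reported payload URL and weaker generic hits on any Google Drive direct-download link. The message and log lines it ships with are constructed for illustration, not captured traffic.

```python
"""Match mail headers and proxy log lines against the malspam indicators reported
for this sample. Added example, not MalwareBazaar or abuse_ch code: indicator values
are copied from the report above, the message and log lines below are constructed."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the report above; lower-cased where matching is case-insensitive.
IOC = {
    "helo": "digamma.host-in-europe.com",
    "sending_ip": "62.75.189.83",
    "from_addr": "kudinova@otis.kz",
    "subject": "payment advice/quotation",
    "attachment": "swift copy 05262020.zip",
    "payload_url": "https://drive.google.com/uc?export=download&id=1Gf_55MdLxRl8DVWnj82K3cd9rQa9b0bL",
}

# Received: from <HELO> (<rdns> [<ip>]) by ...  -> capture the HELO name and the connecting IP.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s*\([^)]*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]", re.I)
# Any Google Drive direct-download link: a weaker, behavioural indicator for payload hosting.
GDRIVE_RE = re.compile(r"https://drive\.google\.com/uc\?export=download&id=[\w-]+", re.I)


def scan_message(raw: bytes, ioc: dict = IOC) -> list:
    """Return the IOC hits found in one message, each as 'field=value'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Walk every Received hop; the reported HELO/IP is the hop that handed the mail to the MX.
    for received in msg.get_all("Received", []):
        text = " ".join(str(received).split())  # undo header folding
        m = RECEIVED_RE.search(text)
        if not m:
            continue
        if m.group("helo").lower() == ioc["helo"]:
            hits.append(f"helo={m.group('helo')}")
        if m.group("ip") == ioc["sending_ip"]:
            hits.append(f"ip={m.group('ip')}")
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender == ioc["from_addr"]:
        hits.append(f"from={sender}")
    if str(msg.get("Subject", "")).strip().lower() == ioc["subject"]:
        hits.append(f"subject={msg['Subject']}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower() == ioc["attachment"]:
            hits.append(f"attachment={name}")
    return hits


def scan_proxy_log(lines, ioc: dict = IOC) -> dict:
    """Split proxy log lines into exact payload-URL hits and generic Drive direct-download hits."""
    exact, generic = [], []
    for line in lines:
        if ioc["payload_url"] in line:
            exact.append(line)
        elif GDRIVE_RE.search(line):
            generic.append(line)
    return {"exact": exact, "generic": generic}


def build_constructed_message() -> bytes:
    """Constructed test message reproducing the reported header values; not a real capture."""
    msg = EmailMessage()
    msg["Received"] = ("from digamma.host-in-europe.com (digamma.host-in-europe.com [62.75.189.83]) "
                       "by mx.example.test with ESMTP; Tue, 26 May 2020 15:25:00 +0000")
    msg["From"] = "Kudinova <kudinova@otis.kz>"
    msg["To"] = "accounts@example.test"
    msg["Subject"] = "payment advice/Quotation"
    msg.set_content("Please find attached the swift copy.")
    # Placeholder attachment body: only the file name is an indicator here.
    msg.add_attachment(b"PK\x03\x04placeholder", maintype="application", subtype="zip",
                       filename="Swift Copy 05262020.zip")
    return msg.as_bytes()


CONSTRUCTED_PROXY_LOG = [  # constructed lines, not real telemetry
    "2020-05-26T15:41:03Z 10.0.0.23 GET https://drive.google.com/uc?export=download&id=1Gf_55MdLxRl8DVWnj82K3cd9rQa9b0bL 200",
    "2020-05-26T15:41:09Z 10.0.0.23 GET https://drive.google.com/uc?export=download&id=0AbcDEFghijKLMNopqRSTuvwxyz 200",
    "2020-05-26T15:42:00Z 10.0.0.24 GET https://www.example.test/ 200",
]

if __name__ == "__main__":
    for hit in scan_message(build_constructed_message()):
        print("mail IOC hit:", hit)
    print(scan_proxy_log(CONSTRUCTED_PROXY_LOG))
```

The HELO and connecting IP are the durable part of this set: sender addresses and subjects change per wave, and the Drive file ID is revoked once Google acts on the abuse report, so a generic hit on a Drive direct-download URL from a host that also received a zip attachment is worth a look even when the exact ID no longer matches.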

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 15:35:39 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Malspam -> GuLoader -> zip 2def11c221bb4eba0550040a81e69565033cbbb4975a26936e42699188212e07 (this sample) -> dropping GuLoader

Delivery method: Distributed via e-mail attachment
