MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3011c4b8f9a11fa19f9771356f33a674e90456e8634ce597f885f046b8b51b5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 3011c4b8f9a11fa19f9771356f33a674e90456e8634ce597f885f046b8b51b5a
SHA3-384 hash: 6be56c4e2a18a39ceb26d08ea8fd1b34d9008a0164cb68f80343c9079a8f7c34c643e3367e3bf9db18f1ffb688ec121d
SHA1 hash: 3a7692940e32332cb314c646a102b3216692a30d
MD5 hash: 8ca1ec392b359a8c8f62eced1297c91c
humanhash: robin-seven-autumn-may
File name: Quote Power TK - Perkins TR ESC Stok Durumu 04.06.2020 Power TK - Perkins TR ESC.gz
Signature: GuLoader
File size: 20'254 bytes
First seen: 2020-06-04 10:47:50 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:5QkQULLbTw51iqcTaDSRhax0UNdu5Y7AzIllhXnQCHZk4sIP:pQeLY1qGK0TNdT2eQCHZk4sIP
TLSH: 1A92D02C70CEA71AF57BA1ACD7B38919C963CCD22C36B801BD2AA1D5414D9E12280F7C
Reporter: abuse_ch
Tags:GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: clean205.mxserver.ro
Sending IP: 176.223.124.55
From: Hamza Kray <hkray@powertk.com.tr>
Subject: Quote Power TK - Perkins (TR & ESC) Stok Durumu 04.06.2020 (Power TK - Perkins (TR & ESC)
Attachment: Quote Power TK - Perkins TR ESC Stok Durumu 04.06.2020 Power TK - Perkins TR ESC.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1RFEcyvZjGsxKyjruUfoykVIq8Z2h7v7s

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 08:49:41 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
gz 3011c4b8f9a11fa19f9771356f33a674e90456e8634ce597f885f046b8b51b5a (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
