MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31f17427c65f5ee718caee353fa34ca2a3e0e6f0d49ca03acd9fbf986ae6c174. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 31f17427c65f5ee718caee353fa34ca2a3e0e6f0d49ca03acd9fbf986ae6c174
SHA3-384 hash: ecfee4792398c4945c4f80e300aed890bd142ba2e78ba256e5a7b7f37dfa9454ee18173a2de0ddcc1c8e2596db7ae808
SHA1 hash: bb3fd09fe6f21827aa6d143d8597bdc773f00e15
MD5 hash: 59bf22f02574a513dad393e0b1bfc707
humanhash: princess-lithium-may-four
File name: INQUIRY.rar
Signature: GuLoader
File size: 32'022 bytes
First seen: 2020-05-26 07:51:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:dRT835YMxyUm71jNNRhRODla6pdYBZmGmyIjAgkqm8IhIYcIZ:DO5nyUmBjNNXEDla6pd+ZMyIzkR8I2Yv
TLSH: B6E2F206C695C8C6C74C81997B1F928ABD4E063E6479ED8CD633D371A8ED77124EE808
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

From: Howe Robinson Partners/ SNP <snp@howerobinson.com>
Subject: CARGO INQUIRY
Attachment: INQUIRY.rar (contains "INQUIRY.exe")

GuLoader payload URL:
https://thedebagroup.com/man.bin
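Worked example, added here and not part of the MalwareBazaar entry or of abuse.ch's tooling: before pivoting on a sample pulled from a feed, check that the bytes you hold really are the catalogued file by recomputing every digest the entry lists (MD5, SHA1, SHA256 and SHA3-384 are all in Python's hashlib), and confirm the container type from its leading bytes rather than from the ".rar" name or the uploader-supplied MIME type. The expected digests below are copied from this entry; the input bytes used at the bottom are a constructed stand-in (a RAR5 signature plus filler), not the real INQUIRY.rar, so the checks are expected to report a mismatch.

```python
"""
Added example: local hash and container checks for a downloaded sample.
Not part of the MalwareBazaar page or abuse.ch tooling. Expected digests are
the ones listed on the entry; the bytes hashed under __main__ are a
constructed stand-in, not the real INQUIRY.rar.
"""
import hashlib

# Digests exactly as listed on the MalwareBazaar entry for INQUIRY.rar.
INQUIRY_RAR_HASHES = {
    "md5": "59bf22f02574a513dad393e0b1bfc707",
    "sha1": "bb3fd09fe6f21827aa6d143d8597bdc773f00e15",
    "sha256": "31f17427c65f5ee718caee353fa34ca2a3e0e6f0d49ca03acd9fbf986ae6c174",
    "sha3_384": "ecfee4792398c4945c4f80e300aed890bd142ba2e78ba256e5a7b7f37dfa9454"
                "ee18173a2de0ddcc1c8e2596db7ae808",
}

# RAR archive signatures (RAR 4.x and RAR 5.x). The file extension and the
# MIME type recorded at upload time are attacker- or uploader-controlled.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def digests(data: bytes) -> dict:
    """Compute every digest the entry lists, so all of them can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def mismatched_digests(data: bytes, expected: dict) -> list:
    """Return the (sorted) names of algorithms whose digest of `data` differs
    from `expected`. An empty list means the bytes are the catalogued sample.
    Any non-empty list means they are not: all entry digests were taken over
    the same bytes, so a single differing value is already conclusive."""
    actual = digests(data)
    return sorted(name for name, value in expected.items()
                  if actual[name].lower() != value.lower())


def is_rar(data: bytes) -> bool:
    """Identify a RAR container by its leading bytes rather than by name."""
    return data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)


def triage(data: bytes, filename: str, expected: dict) -> dict:
    """Summarise the checks an analyst runs before opening a sample."""
    return {
        "matches_entry": mismatched_digests(data, expected) == [],
        "is_rar": is_rar(data),
        "extension_says_rar": filename.lower().endswith(".rar"),
    }


if __name__ == "__main__":
    # Constructed stand-in: a RAR5 signature followed by filler. It is not the
    # catalogued sample, so every digest is reported as differing.
    fake = RAR5_MAGIC + b"\x00" * 64
    print(digests(fake)["sha256"])
    print(triage(fake, "INQUIRY.rar", INQUIRY_RAR_HASHES))
```

Comparing all four digests rather than just SHA256 costs nothing and catches a copy-paste error in any one of them; the fuzzy hashes on the entry (ssdeep, TLSH) need third-party libraries and are left out of this example.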

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 08:36:44 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 13 of 30 (43.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar 31f17427c65f5ee718caee353fa34ca2a3e0e6f0d49ca03acd9fbf986ae6c174 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments