MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 351b71a4906838bcb45e8f280962debcec499e831cbbfcf9f2777275827f33c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 351b71a4906838bcb45e8f280962debcec499e831cbbfcf9f2777275827f33c0
SHA1 hash: f640a3b31cf5f8c547de626d107134c5a9a42dda
MD5 hash: e5c2b701564ef7132905f1f63b7c1ec4
File name: AMENDED P.O_images.rar
Signature: GuLoader
File size: 23'416 bytes
First seen: 2020-05-22 09:51:21 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:wNbJiUXahAv1PnXdnHhF2q237uJUI1Pef5LaQnHnmqmKW66/p2Yd6DGfIQnqYb+6:wN9ilARX9X/2ruCI1mf1zGHKW6cx6Dul
TLSH: 23B2E08592493E8042E9B6B3052747C9352554AABD01CA27F34ACC873E4FEEE47D387B
Reporter: @abuse_ch
Tags: GuLoader, rar


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Suzhou Liansheng Chemistry Co., Ltd.. <admin@mogioan.cf>
Subject: FWD: AMENDED P.O for Reference
Attachment: AMENDED P.O_images.rar (contains "AMENDED P.O_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LSN29XHUA1LLLJZDtVkmfeCb_UtqBcxc

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 20
Origin country: FR
ClamAV: No detection
VirusTotal: 11.67% detection rate

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, rar 351b71a4906838bcb45e8f280962debcec499e831cbbfcf9f2777275827f33c0 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
