MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35e3c6d0b042106a91e1e9cfaf362ef2fcd0801bb8d1f1b993ebfa34ac8357a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 35e3c6d0b042106a91e1e9cfaf362ef2fcd0801bb8d1f1b993ebfa34ac8357a2
SHA3-384 hash: 21083769322d642f21c6bd49f3f79ebf7e87261f524fc443ae15679c5d8aa7171b050ea9f3be6908c9b7dd1f720b1ea0
SHA1 hash: 7863603e53b5b35d592eb55d90ddd5fbc3cdadd7
MD5 hash: a7088a431d375bd211b9c63e55d8bad2
humanhash: fix-beer-music-juliet
File name: Proof of payment.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2021-01-14 20:12:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:bKig/cNNfIdAJPZZ8zYaFBm5U5XeEwvJrK2obPm+1NQ3git3rSLyNmra7ZqdOR:bKig/cNNf5JhZeYaJpegrl1NQzxQwn
TLSH: CA45E7615A26DC65E6918030FC123AF440622E60F542BAFB709D7E2D7BF3BD055E2B1E
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: outbound.beonline247.co.za
Sending IP: 196.6.233.230
From: <krielsmith1@moorreesburg.net>
Reply-To: krielsmith1@moorreesburg.net
Subject: proof payment
Attachment: Proof of payment.img (contains "Proof of payment.exe")

GuLoader payload URL:
http://www.sowetoson.com/new/Host_yjwloaz52.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 238
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2021-01-14 12:41:16 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader
  img 35e3c6d0b042106a91e1e9cfaf362ef2fcd0801bb8d1f1b993ebfa34ac8357a2 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
