MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 363391a6817fc651fc4b7b640a48f0756b48eb7865ea83519be21b431aa1595a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 363391a6817fc651fc4b7b640a48f0756b48eb7865ea83519be21b431aa1595a
SHA3-384 hash: ad8438040cb760ea019a47efc0d3b3a7a0ddb4164e78874d53b480f88f3e14560a7cf71fd2a59068fb21d2aa01cbdc8b
SHA1 hash: bc8a0b3ec3292ac6441866238c287117e1551bd7
MD5 hash: 20cf21d05bf9c06ef4ea105ef5b2b80f
humanhash: hawaii-kansas-victor-network
File name:बंगॠन नॠसा मंदिरी चालान.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:75'504 bytes
First seen:2020-06-04 10:47:55 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 1536:i5FE2oxy3mmtnM40Fj7yR3xrLePWe3plOK5ItIY3KRrPMAcsIcM:i5FE2oxyxRN0A3x3S3Z8IRbMAcsS
TLSH BF7302A54F67F5378D7CEC39C9E3876220948E2F99C1A78298924D46D8C0B3F35592F2
Reporter abuse_ch
Tags:GuLoader gz


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: yugana.daxa.net
Sending IP: 111.221.42.94
From: UNIPOWER | Logistik | Jakarta <team3@dskusuma.com>
Subject: PT.UNIPOWER PRATAMA- INVOICE 098/I/VI/20- PO.9100326941
Attachment: बंगॠन नॠसा मंदिरी चालान.gz (contains "gunzipped")

GuLoader payload URL:
https://asmobilya.com.tr/AmHome_bhPixbUN54.bin
https://cmdtech.com.vn/AmHome_bhPixbUN54.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 11:35:50 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gyzzdjubp7dfd7clpnsaushqovvur23ymxvigum34inuggvblfna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 363391a6817fc651fc4b7b640a48f0756b48eb7865ea83519be21b431aa1595a

(this sample)

GuLoader

Executable exe 1c637176e4fd852b1b21eecdc9551ea08f4a0e42d265a22cab1cc4af8609e841

  
URLhaus
https://urlhaus.abuse.ch/url/370271/
  
Dropping
MD5 4435dfbedb0b7ceb0c0bf5036b472215
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1c637176e4fd852b1b21eecdc9551ea08f4a0e42d265a22cab1cc4af8609e841

Comments