MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 365af2e08bcf6bf7d5f77fefee7090c7a46219e4bf473d7eeb510da0fdc4d9a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 365af2e08bcf6bf7d5f77fefee7090c7a46219e4bf473d7eeb510da0fdc4d9a2
SHA1 hash: f2bd0df0c58562ddebb57251bd8c340b40cb9acb
MD5 hash: fb4d995017b30638247055f1165ec309
File name: Scan_payment_details.arj
Signature: GuLoader
File size: 24'357 bytes
First seen: 2020-05-22 09:59:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:RNg6Y+KAlSxxK7pGray+PNVujpCAhLGSTdjX20+xN2jFmfS1lS2QXOKIXkL9p2/Q:iAl5pGey+rujX9GSyfYAjXO3XG9Mp+7P
TLSH: 82B2E1A09AF874C69EF655B14F801E40C93642436A6A03177FBCBB6C0F6C7D9BAD8507
Reporter: @abuse_ch
Tags: arj GuLoader

Twitter: @abuse_ch
Malspam distributing GuLoader:

HELO: ns6.kdconcept.net
Sending IP: 87.98.188.66
From: PAYABLES-MOTION <s.chen@motiontp.com.tw>
Reply-To: s.chen@motiontp.com.tw
Subject: PAYMENT RETURNED DUE TO INVALID ACCOUNT
Attachment: Scan_payment_details.arj (contains "scan_payment_details.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1p7KeQxSwuIvrVtVph5lKDxulZTagGg_P

Intelligence

Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: FR
ClamAV: Sanesecurity.Malware.22739.ZipHeur.UNOFFICIAL
VirusTotal results: 29.69%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: zip 365af2e08bcf6bf7d5f77fefee7090c7a46219e4bf473d7eeb510da0fdc4d9a2 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
