MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36844cc8003808ad1b2a6526573d6a825a06bab4adf127448e41678b766b183e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 36844cc8003808ad1b2a6526573d6a825a06bab4adf127448e41678b766b183e
SHA3-384 hash: 2f5693783caca8f31bc8c31d6e49fb51fec29ae2719ccb2ae66d0b3ecda6648b9dc8d0062e7026289f3c02e798c14678
SHA1 hash: 26cc1c0f2645100b379e3ac5aee529db271ff0d4
MD5 hash: 8558af9484f56ae476ce7372357dea76
humanhash: papa-virginia-july-blue
File name: Quote_98045300_76873342.R23.zip
Signature: GuLoader
File size: 30'065 bytes
First seen: 2020-05-26 07:23:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:V+Se7SXQB5vSdUKXNO5ivfDOI/7/pwmhx9Q00mVa5J7okdU1hjdISos4KW8xLo11:8SXHdJsmVNPz0X5ekULR8shxLo1DeX0
TLSH: B2D2E10E3E9A582EA02B0839C1DD3ED4B7569FEBB3534529A000F7A9055F10391FB9D2
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 103.89.88.225
From: Nguyen Thi Kim Thanh (Ms) <Nguyen@gmail.com>
Reply-To: goodluckfresh@gmail.com
Subject: RE:Quote_98045300_76873342
Attachment: Quote_98045300_76873342.R23.zip (contains "Quote_98045300_76873342.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/wp-includes/dochucks_KSJQkGQp208.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 10:06:10 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 36844cc8003808ad1b2a6526573d6a825a06bab4adf127448e41678b766b183e (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments