MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7
SHA3-384 hash: 65d5052d6b84490da3495e8bfa60b335b79087dcdc7a63fbcc4cc6fafb1e357f0e74d415db5813827da0aed3f1031e8c
SHA1 hash: 68a93886b7a5ef1762c101c4b6149b51a4b4b3ff
MD5 hash: 0607b0b7ff251a8956a68a82277c854a
humanhash: november-whiskey-mississippi-carbon
File name: PO 7467.gz
Signature: GuLoader
File size: 23'691 bytes
First seen: 2020-05-22 15:04:30 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:XtCDYnfNkiYO/+8OXtwi2Afoy3D0zpGepaQfM6KaNUHP+iLQs/zlEYLz4gCQAJ:gO2iY38+fP3D0zpG6ax6H8WiLfuc8gCr
TLSH: EBB2D009E9F4248D8DED0283C41FA0629732868F5739F199DC83CD64A89EE45DFD9B0D
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mx5.chaiyohosting.com
Sending IP: 58.181.206.97
From: <vichai@technoplast.co.th>
Subject: Purchase order.
Attachment: PO 7467.gz (contains "File.scr")

GuLoader payload URL:
http://creativewg.com/feed_sxnWm239.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 15:35:45 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  gz 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments