MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7
SHA1 hash: 68a93886b7a5ef1762c101c4b6149b51a4b4b3ff
MD5 hash: 0607b0b7ff251a8956a68a82277c854a
File name: PO 7467.gz
Signature: GuLoader
File size: 23'691 bytes
First seen: 2020-05-22 15:04:30 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:XtCDYnfNkiYO/+8OXtwi2Afoy3D0zpGepaQfM6KaNUHP+iLQs/zlEYLz4gCQAJ:gO2iY38+fP3D0zpG6ax6H8WiLfuc8gCr
TLSH: EBB2D009E9F4248D8DED0283C41FA0629732868F5739F199DC83CD64A89EE45DFD9B0D
Reporter: @abuse_ch
Tags: GuLoader, gz


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mx5.chaiyohosting.com
Sending IP: 58.181.206.97
From: <vichai@technoplast.co.th>
Subject: Purchase order.
Attachment: PO 7467.gz (contains "File.scr")

GuLoader payload URL:
http://creativewg.com/feed_sxnWm239.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: No detection
VirusTotal: Virustotal results 8.20%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
gz 39ef69d43e667dd123b3ea49a3e16eec2a2219636bf5a5c48369ae27a08ee5b7 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
