MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a1b32b0a79280e2d16a244d8c20da0b5d70b2fe8de8ce4109989d1487da21ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 3a1b32b0a79280e2d16a244d8c20da0b5d70b2fe8de8ce4109989d1487da21ed
SHA3-384 hash: 3b050a4ca1ec112ec04b636c6886ddb34a71426d678f9065bd101def6779808394f51e0c034b1e7c761231645f4a825b
SHA1 hash: 47eb379f708b0ca7502ecb899e11402f1eec30ce
MD5 hash: a2b5bf9ecef9f4a45471935402760e23
humanhash: white-pip-minnesota-michigan
File name: AWB 9284730932.rar
Signature: GuLoader
File size: 32'290 bytes
First seen: 2020-12-02 09:19:57 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:5WcfH4r9fru2EBLm7S9Tf0cc/hR1hJ7YX8qFbcFc:5QCm7aI1hJ7YXxbce
TLSH: EEE2F22BBCD0E06999AA02857A1813B28FB1F5D35DEC4BBC707C33E08E65554B5F28A1
Reporter: abuse_ch
Tags: DHL GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: server.inspiren.my
Sending IP: 137.59.109.82
From: DHL Express<eawb@iddhl.com>
Subject: EAWB Notification
Attachment: AWB 9284730932.rar (contains "AWB# 9284730932.exe")

GuLoader payload URL:
https://gorkaloyola.com/uplift/floow_PJNnJf28.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 293
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 3a1b32b0a79280e2d16a244d8c20da0b5d70b2fe8de8ce4109989d1487da21ed (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments