MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a3836b0bd7a5f80152fc1ee0c30da40fbbeb0b6e6edb6f2fd23733398aded9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 3a3836b0bd7a5f80152fc1ee0c30da40fbbeb0b6e6edb6f2fd23733398aded9f
SHA3-384 hash: 55a40385ca8053d5cb17da9c3790cdb3e2b332529effc5ba3bc430b78bec92506bd2eaa4a39d08ee4542c7e194f25b8c
SHA1 hash: 9aaa4645b16632e125755859ce8bbfde819ea3ea
MD5 hash: d4fd61f61a407df1f4b6daed5dbd7fe5
humanhash: nineteen-princess-aspen-tango
File name: New PO514584.zip
Signature: GuLoader
File size: 60'437 bytes
First seen: 2020-05-28 07:28:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:jQqMX+n3X0/dUm0I22TCiXWmjlhnKhyhIEuYEk/39NUzT:Ezu3Xy6m0l2TCimmjTKkhITYEkXUv
TLSH: 604302945B50007A51E6125FED3C6EA19CCB033EA70989649F0B4DA8EFD9BF0A08552F
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: kemapco.com
Sending IP: 103.207.38.152
From: Albaraa Matouq <Albaraa.Matouq@kemapco.com>
Subject: Enclosed New order
Attachment: New PO514584.zip (contains "New PO#514584.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1E7MzAKMGyGLFe9p7Jlka5hrnw7_OkRCQ

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-27 23:50:10 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: GuLoader, zip 3a3836b0bd7a5f80152fc1ee0c30da40fbbeb0b6e6edb6f2fd23733398aded9f (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
