MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b2509bbffd56f1a955319763bfc4e4ff4e1066629023cf19af9af1d593ff470. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 3b2509bbffd56f1a955319763bfc4e4ff4e1066629023cf19af9af1d593ff470
SHA3-384 hash: 8385c9d89382f8a44e6c44a5325ed3451c073b84af5b3a7996ceff16ee3c0613a7b2eeb7f0fb489e4e61583ca77a4799
SHA1 hash: 44fcb0b6d20322cc36de6be41f1acf10895d010c
MD5 hash: 17d9ed40e1b4f56856e6a03a3ef34d92
humanhash: whiskey-kansas-moon-diet
File name: YANCHENG.rar
Signature: GuLoader
File size: 18'529 bytes
First seen: 2020-06-03 13:32:48 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:R1TuzmqFXw5ZManyLWbkGuIL+pakM81Ppmz+Lgo/6jMftYN9/0:R1TuzmqFXTayLwkGCpakXPw0J/6jGL
TLSH: 5F82D0E9530D43CEB435556113300AFB056092DAABE9973BBA5E3D3211CE3AB1211AFF
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Rex Huang <rex-huang@yuntong-batt.co>
Subject: RE: NEW REQUIREMENTS PUR-01355
Attachment: YANCHENG.rar (contains "YANCHENG.exe")

GuLoader payload URL:
http://111.90.148.217/eva_ZjBvUrSwjL14.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-06-03 13:37:27 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
rar 3b2509bbffd56f1a955319763bfc4e4ff4e1066629023cf19af9af1d593ff470 (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments