MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f
SHA1 hash: 1e617f070c0ee6b99b9d93daf6176d51530d8397
MD5 hash: 7b8482b74fe76a3016b4d4016fe47047
File name: Extr.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-22 09:59:45 UTC
Last seen: 2020-05-22 10:52:01 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9cf6fa849a525ad512a8cfbb595265cc
ssdeep: 768:fYE9koJ0beC7pzQJuHKek98qtZmcZOhvktjz3N8BuWoOlho6C:wE9VMeC7q0q18qtZmcohvkJahor
TLSH: B7932C21B566DCAACD448EF289D55DA8267BFC313D040E0B33857B2C7933EC25A6635B
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: victor.r1host.com
Sending IP: 176.9.32.34
From: IMPORT-EXPORT SALES <Sales@symetrix.co>
Subject: UnPaid Proforma Invoice/Balance payment
Attachment: Scan DOC.001 (contains "Extr.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1l6VU05eHD17sFQqbelVRsD-qw6504o9V

Intelligence


Mail intelligence
Trap location Impact
IT Italy Low
Global Low
# of uploads: 2
# of downloads: 24
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.Siggen9.48513.13623.13683.UNOFFICIAL
VirusTotal: Virustotal results 20.59%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 3bc915766b79fb4fdf2e636cfc46b1df5787c2fdc11fb540a65cdda079f5bf1f (this sample)

Delivery method
Distributed via e-mail attachment
