MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e2cd8a4184d733a1534332cd9cbddc3ff23f7d2a16d92cef25688ea1c06e902. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 3e2cd8a4184d733a1534332cd9cbddc3ff23f7d2a16d92cef25688ea1c06e902
SHA3-384 hash: 0949ed6b0c5b15dec856f5fb6fc994a3f744f21e8c64e69b1325cf9aa978640b9f093534c0b3347524d71f738dfc00de
SHA1 hash: 2a0c5662eb5cb0b8c941aace4cbe6e3c6be8fca9
MD5 hash: a0e9db3ea024b1f17af898532189b6c5
humanhash: king-delta-jersey-earth
File name: PLEASE CHECK ORDER-001TG2020.zip
File size: 29'855 bytes
First seen: 2020-05-25 13:22:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:SjIBNk1mPPm3uylRgJCVFuhblcGwDs/l5re9Im4a:6yNkOm3tgUujhd5rP6
TLSH: 1DD2F1C596917DA2C2C4BC30852A52EFDEAB470A17388AE2720EF05F6F43C91495BD96
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: valeo-one.de
Sending IP: 156.96.59.92
From: Geoff Beck<info@valeo-one.de>
Subject: NEW URGENT PURCHASE ORDER-001TG2020
Attachment: PLEASE CHECK ORDER-001TG2020.zip (contains "PLEASE CHECK ORDER-001TG2020.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/gozman_UfHkSfk134.bin
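As an added example that is not part of the MalwareBazaar entry or of abuse_ch's report: a Python triage script that applies the indicators above (sender domain, sending IP, attachment name, sample SHA256) to a raw .eml and inspects the zip attachment for an executable, the GuLoader delivery pattern reported here. The message and the zip contents are constructed stand-ins; the archive holds a placeholder, not the real sample, so its hash will not match the IOC set, whereas a captured copy of the real attachment would.

```python
import email
import email.utils
import hashlib
import io
import re
import zipfile
from email.message import EmailMessage
from email.policy import default

# Indicators taken from the MalwareBazaar entry and abuse_ch's report above.
IOC_SHA256 = {"3e2cd8a4184d733a1534332cd9cbddc3ff23f7d2a16d92cef25688ea1c06e902"}
IOC_SENDER_DOMAINS = {"valeo-one.de"}
IOC_SENDING_IPS = {"156.96.59.92"}

# Extensions that should never arrive inside a zip from an unsolicited sender.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".wsf", ".hta")

# "from <HELO> (... [<ip>])": HELO is attacker-controlled, the bracketed IP is
# what the receiving MTA observed.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def build_sample_eml() -> bytes:
    """Constructed message reproducing the campaign's headers and attachment
    name. The zip entry is a placeholder, not the real GuLoader dropper."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("PLEASE CHECK ORDER-001TG2020.exe", b"MZ placeholder, not the real payload")
    msg = EmailMessage()
    msg["Received"] = ("from valeo-one.de (unknown [156.96.59.92]) by mx.example.test "
                       "with ESMTP; Mon, 25 May 2020 13:20:01 +0000")  # constructed hop
    msg["From"] = "Geoff Beck <info@valeo-one.de>"
    msg["To"] = "purchasing@example.test"  # constructed recipient
    msg["Subject"] = "NEW URGENT PURCHASE ORDER-001TG2020"
    msg.set_content("Please check the attached order.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="PLEASE CHECK ORDER-001TG2020.zip")
    return msg.as_bytes()


def analyse_message(raw: bytes) -> dict:
    """Match a raw RFC 5322 message against the IOCs and look inside zip attachments."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = []

    _, sender = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain in IOC_SENDER_DOMAINS:
        findings.append(f"sender domain matches IOC: {sender_domain}")

    # The originating hop is the last Received header (they are prepended per hop).
    helo = sending_ip = None
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(str(received[-1])) if received else None
    if m:
        helo, sending_ip = m.group(1).lower(), m.group(2)
        if sending_ip in IOC_SENDING_IPS:
            findings.append(f"sending IP matches IOC: {sending_ip}")

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_content()
        if not isinstance(data, bytes):
            data = str(data).encode()
        sha256 = hashlib.sha256(data).hexdigest()
        entry = {"name": name, "sha256": sha256, "contains": []}
        if sha256 in IOC_SHA256:
            findings.append(f"attachment hash matches IOC: {sha256}")
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        entry["contains"].append(info.filename)
                        if info.filename.lower().endswith(EXECUTABLE_EXTS):
                            findings.append(f"zip {name!r} contains executable {info.filename!r}")
                        if info.flag_bits & 0x1:  # password-protected entry, AV cannot scan it
                            findings.append(f"zip {name!r} entry {info.filename!r} is encrypted")
            except zipfile.BadZipFile:
                findings.append(f"attachment {name!r} is not a valid zip")
        attachments.append(entry)

    return {"sender_domain": sender_domain, "helo": helo, "sending_ip": sending_ip,
            "attachments": attachments, "findings": findings,
            "verdict": "suspicious" if findings else "clean"}


if __name__ == "__main__":
    for line in analyse_message(build_sample_eml())["findings"]:
        print(line)
```

On the constructed message the sender domain, sending IP and the executable inside the zip each produce a finding, while the hash check stays silent because the placeholder archive is not the real sample. Against a mail-gateway capture of the real attachment, the SHA256 comparison would be the high-confidence match and the zip-contains-executable rule the generic catch for the same lure re-packed with a new hash.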

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 04:36:31 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 3e2cd8a4184d733a1534332cd9cbddc3ff23f7d2a16d92cef25688ea1c06e902 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments