MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40cfefe65626d5d0a73fa31efd77c1b84bd9fda84b8e6dca0b2c5e907a20b607. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3


SHA256 hash: 40cfefe65626d5d0a73fa31efd77c1b84bd9fda84b8e6dca0b2c5e907a20b607
SHA3-384 hash: 08854371a8e9e65caf3a3d86d0129d05e1d1a061731b3bc64f2edcf311375ecdbd79e914537c62b6cb8ded6957c16c55
SHA1 hash: cb0d51070213b28e7e4201fc158e7d668dc509e9
MD5 hash: d2f60e06923225173266ab11d9bd5940
humanhash: whiskey-summer-orange-alanine
File name: New Purchase Order For Nazir and Sons_pdf.arj
Signature: GuLoader
File size: 77'634 bytes
First seen: 2020-06-03 13:17:24 UTC
Last seen: 2020-06-03 13:43:55 UTC
File type: zip
MIME type: application/zip
ssdeep: 1536:q4Nl+6l50xJOsrdApBi+VZdID55MgsX4KJqoIA4jD8TELPYOAUEyGNSFpCIYbY:9iTxJzrdAp8kkD55MgsXbJqy4jD8TEcy
TLSH: 8573121BAA234BF42B0B50CD55A2B20448F6387C1090D5CD73F686FAA775A7AD7EC538
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: mail.sanallastirma.com
Sending IP: 94.103.36.180
From: Nazir & Sons Co. (Turkey) <rubab.s@nazirandsons.com>
Subject: NEW ORDER #063310 NAZIR AND SONS CO.
Attachment: New Purchase Order For Nazir and Sons_pdf.arj (contains "New Purchase Order For Nazir and Sons_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1_MYMmXePhIt1EdobIE3aMcZnY7VJ9y-J

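The reporter's note above describes the standard malspam pattern behind this entry: an archive attachment named with an .arj extension that carries a double-extension executable ("..._pdf.exe"), while the entry itself records the file type as zip. The script below is an added triage example, not code from MalwareBazaar or abuse.ch. It recomputes the digests the entry lists (MD5, SHA1, SHA256, SHA3-384), checks whether the archive's magic bytes agree with the extension the attachment claims, and lists any executable members whose names are dressed up as documents. The sample zip it builds is constructed in memory with a placeholder "MZ" stub, so it runs offline and touches no real malware; the magic-byte table and the decoy/executable extension sets are the author's own assumptions.

```python
import hashlib
import io
import json
import zipfile
from pathlib import PurePosixPath

# Standard signatures: PKZIP local-file header and the ARJ header marker.
# (Assumed table for this example; extend as needed.)
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x60\xea": "arj",
}

# Document extensions malspam glues in front of an executable so the member
# reads like a PDF or Office file, and the executable extensions to flag.
DECOY_DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta"}


def hash_bytes(data: bytes) -> dict:
    """Return the digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def detect_archive_type(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the file name."""
    for magic, name in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension names one known archive format but the bytes are another."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = detect_archive_type(data)
    return actual != "unknown" and claimed in ARCHIVE_MAGIC.values() and claimed != actual


def suspicious_members(data: bytes) -> list:
    """List executable members of a zip, noting names that masquerade as documents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = PurePosixPath(info.filename).name
            parts = name.lower().split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            if ext not in EXECUTABLE_EXTENSIONS:
                continue
            stem = ".".join(parts[:-1])
            # "order_pdf.exe" and "order.pdf.exe" both count as decoy document names.
            decoy = any(stem.endswith(sep + doc)
                        for doc in DECOY_DOCUMENT_EXTENSIONS for sep in ("_", "."))
            findings.append({"member": info.filename,
                             "size": info.file_size,
                             "decoy_document_name": decoy})
    return findings


def triage(filename: str, data: bytes) -> dict:
    """Combine hashes, container identification and member inspection into one report."""
    report = {
        "filename": filename,
        "size": len(data),
        "hashes": hash_bytes(data),
        "archive_type": detect_archive_type(data),
        "extension_mismatch": extension_mismatch(filename, data),
        "members": [],
    }
    if report["archive_type"] == "zip":
        report["members"] = suspicious_members(data)
    return report


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the attachment: a zip holding a fake double-extension
    executable. The bytes are made up here and are not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("New Purchase Order For Nazir and Sons_pdf.exe", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(json.dumps(triage("New Purchase Order For Nazir and Sons_pdf.arj", sample), indent=2))
```

Run against the real attachment, the "extension_mismatch" flag and the "decoy_document_name" flag together reproduce what the reporter's note states by hand, and the hash block gives values to compare against the entry above. A mismatch between extension and magic is not proof of malice on its own, but it is cheap to check at the mail gateway before any archive is unpacked.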
Intelligence


File Origin
Number of uploads: 2
Number of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-03 14:16:10 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 40cfefe65626d5d0a73fa31efd77c1b84bd9fda84b8e6dca0b2c5e907a20b607 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments