MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 430d25b78ba647fc479350595c90009fc7fc116004c6b0f693e6223aa7b00c6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 430d25b78ba647fc479350595c90009fc7fc116004c6b0f693e6223aa7b00c6a
SHA1 hash: fd1ac0cb1106430d578d8d9c2cf21da06f8c6d0d
MD5 hash: c5271eb5f0c18cf23d10ff18a61ba8dc
File name: Rechnung1.zip
Signature: GuLoader
File size: 26'114 bytes
First seen: 2020-05-22 10:19:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:QLPeJgoktyNSt7QNNEDsa/kdbjr+upCD6bZzBW:QLmCoktWSOovaj7CDi1Q
TLSH: 04C2E1A97AED0CF4431C4769B563B414046749569ECCD80F264CCDA817170767F5FEE8
Reporter: @abuse_ch
Tags: DEU geo GuLoader zip


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: mxout02do.versatel.de
Sending IP: 89.245.129.165
From: kidrth@versanet.de <kidrth@versanet.de>
Reply-To: kidrth@versanet.de <kidrth@versanet.de>
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 21-05-20 Rechnung_20-613129926-001
Attachment: Rechnung1.zip (contains "rechnung.exe")

GuLoader payload URL:
http://156.96.118.179/RSol.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: Sanesecurity.Malware.23811.ZipHeur.UNOFFICIAL
VirusTotal results: 21.88%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 430d25b78ba647fc479350595c90009fc7fc116004c6b0f693e6223aa7b00c6a (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments