MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4489fba76a0635c549a7e1b2a4914eea771c6b1ec271c77471fdaff0d14c0c12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 4489fba76a0635c549a7e1b2a4914eea771c6b1ec271c77471fdaff0d14c0c12
SHA3-384 hash: 79f03efc5f303a601a3e75ef53a339ee9b1189db2eb277c17c5758b941998baede4979e9707d9e38e5b7d5960843b2a1
SHA1 hash: caa1d752f08ca79c2fc9b2e446b3fcfaeb8ef9b3
MD5 hash: 85c813e034b74a5bd59901b77e20272d
humanhash: august-connecticut-california-friend
File name: MV RUKIA V.zip
Signature: GuLoader
File size: 76'287 bytes
First seen: 2020-06-04 06:01:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:VPwtPoazjaPqwbzMjZvYWeJy0ANLPsMR6tau8l9v2vIqWcPu/cn:6daPNojtky+MR6tau8/2PTn
TLSH: 6473024DBECC9564E78F06BD923D5645C209E1580EBE76F1A8028CBD7BD1B9D288484B
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: abidjiaintl.ml
Sending IP: 45.137.22.55
From: Raffles Shipping International Pte Ltd (Singapore) <procure@abidjiaintl.ml>
Subject: MV RUKIA V - DISPORT AGENCY NOMINATION
Attachment: MV RUKIA V.zip (contains "MV RUKIA V.exe")

GuLoader payload URL:
https://cor.sehablae.com/mnaa.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 4489fba76a0635c549a7e1b2a4914eea771c6b1ec271c77471fdaff0d14c0c12 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment