MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4530d1f0367c90e37d9181d5074cea1e600a89bdc2a70c1258da27f86bf4f9f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 4530d1f0367c90e37d9181d5074cea1e600a89bdc2a70c1258da27f86bf4f9f0
SHA3-384 hash: 7e93ac3a870b4ec2f44a240ba10613efeccaf369bbb033d2e33e8d07dc36b441c172ee3309f0c740caec086e93e0af7a
SHA1 hash: 76a2f4ad4afa4162de656098397cda647082be2e
MD5 hash: 0bdaf889ca624fb55909cb7213a51a8e
humanhash: july-april-charlie-snake
File name: attachments.zip
Signature: GuLoader
File size: 87'812 bytes
First seen: 2020-06-05 13:33:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:K1dU2Ns58/A+AjbK/cNAVIlHeXh1I1dU2Ns58/A+AjbK/cNAVIlHeXh1E:AdUU/1ACVXSdUU/1ACVXE
TLSH: FE83F2A39F55D46DE0F2C2013653B11324EE308B0D957A96FE126EDF22B11632D39E8B
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: ocsa-geofisica.com
Sending IP: 193.142.58.27
From: francisco@ocsa-geofisica.com
Reply-To: Francisco Merchán Álvarez<wiz2018@bk.ru>
Subject: PRODUCT INTEREST (URGENT)
Attachment: attachments.zip (contains "TDL-TAG-QTN-20-0194 - QETAIFAN ISLAND PACKAGE 5.com")

GuLoader payload URL:
https://navitasklogistics.com/wizzybin_PAtqD214.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 22:53:21 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 4530d1f0367c90e37d9181d5074cea1e600a89bdc2a70c1258da27f86bf4f9f0 (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment

Comments