MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 461a6b0785f4a709fbc9a6aad7194f37f54adcf99e52a47d592761c7a1f29b03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 461a6b0785f4a709fbc9a6aad7194f37f54adcf99e52a47d592761c7a1f29b03
SHA1 hash: b13d3b20010456bce4bbfc2d9dc9c7c8375b5bc2
MD5 hash: 913afff12777c468c42ecca57e84127a
File name: WIRE PAYMENT- WELSFARGO.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-23 11:51:11 UTC
Last seen: 2020-05-23 13:13:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7552a81bcd05c245edea64921fa97077
ssdeep: 768:UKOoPEw9WCusHthCSuk+xAzcMcw9QWc72i1N1ihxCXAcomCtsDvcFef0:9OuEwe+skgCtqtoHEkFeM
TLSH: D9931A717990EC77DAA10BB16D328B6418F7FC3118044A037AC93B5E657798DA8353DB
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter: @abuse_ch
Malspam distributing GuLoader:

HELO: biza0.feedtrades.com
Sending IP: 103.124.107.37
From: ACCOUNT9 <contacts@feedtrades.com>
Subject: FWD: RE: WELSFARGO-US BANK TELEX PAYMENT $32,000
Attachment: WIRE PAYMENT- WELSFARGO.IMG (contains "WIRE PAYMENT- WELSFARGO.exe")

GuLoader payload URL:
http://185.205.209.166/wext/Rem-Stub23_lNdKRpB81.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 22
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: 38.36%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: GuLoader
File type: Executable exe
SHA256: 461a6b0785f4a709fbc9a6aad7194f37f54adcf99e52a47d592761c7a1f29b03 (this sample)

Comments