MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46a3ec4ef631b450db4d553a931ed4ea74209dfef4f46fb475971ae6800567f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46a3ec4ef631b450db4d553a931ed4ea74209dfef4f46fb475971ae6800567f2
SHA3-384 hash: f4711f7904fdbf589f2763e5a07db5899b3270c17cf39e79b83cc2969f8f11fb4fdd896881e89afb522a14c71d21207b
SHA1 hash: d2c5802534ca4b9ffccbeb522b4c59dad65b5ace
MD5 hash: fb31bc08fb7d0b2fdeb570c23fd53a0a
humanhash: indigo-florida-vermont-autumn
File name:Covering letter_swift copy_pdf.gz
Download: download sample
Signature GuLoader
Create hunting rule
File size:41'882 bytes
First seen:2020-06-09 06:41:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:ODvXrPULx6R44mVWHRSk30fgollq4T9f/9lm+V7oKgvgZmCAgqP:PNf4mV3jlNT9f1lma7o7oZ7AgqP
TLSH 1C13E149E4A6811DC1471D611931A7CC6698937AAFD3FB231CC8BE983F497B18EAC7C1
Reporter abuse_ch
Tags:GuLoader gz


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: 94-100-28-224.static.hvvc.us
Sending IP: 94.100.28.224
From: Ken Shah <ken@geeccaships.ga>
Subject: COVERING LETTER/Swift of Payment for 5000 Kgs. FBD Machine Inv_June 2020
Attachment: Covering letter_swift copy_pdf.gz (contains "Covering letter_swift copy_pdf.exe")

GuLoader payload URL:
https://annas.id/crypt/over_AXGGR240.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:43:03 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i2r6ytxwgg2fbw2nku5jghwu5j2cbhp66t2g7ndvs4nonaafm7za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 46a3ec4ef631b450db4d553a931ed4ea74209dfef4f46fb475971ae6800567f2

(this sample)

GuLoader

Executable exe 8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c

  
URLhaus
https://urlhaus.abuse.ch/url/384281/
  
Dropping
MD5 3d3a18abd74e819868d6404004b43ba7
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c

Comments