MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4be6330f8de3ceaf55f723debdebb04969e33e2c2752ffe9065ed5831117765b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 4be6330f8de3ceaf55f723debdebb04969e33e2c2752ffe9065ed5831117765b
SHA3-384 hash: ba04f3d0ceed1e5483e6494148e758a08e435b82764d99668e4fd4022a58d93103ce9146c02b53c736c8cd242920c5c2
SHA1 hash: 3fa9f98c13c3e8749e8ff5f944e533052bb98821
MD5 hash: 9a75febd58f02a74beb639cbeb0f3b2c
humanhash: north-virginia-xray-charlie
File name: possible PO.pdf.zip
Signature: GuLoader
File size: 17'908 bytes
First seen: 2020-10-07 05:03:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:hWclkJi1Fe0d9d4DeL5XAVajLJmn8DybHDBgu7W8n:PRvqDAXZJqJ6u/
TLSH: EF82D100CCBE71AEF7006DA84C411AC395DA785DE493E3585CEAD393D29C152ABDA93A
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: sipau1-19.nexcess.net
Sending IP: 103.242.92.13
From: Azmi Alshanti <Office-Purchasing@mail.com>
Subject: Possible Inquiry
Attachment: possible PO.pdf.zip (contains "possible PO.pdf.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=7A41C5DF29C70D9C&resid=7A41C5DF29C70D9C%21120&authkey=ANb4_N57gW8qfaA

Intelligence


File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-07 01:58:25 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  GuLoader
    zip 4be6330f8de3ceaf55f723debdebb04969e33e2c2752ffe9065ed5831117765b (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
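As an added example (not MalwareBazaar's or abuse.ch's code), the Python triage routine below handles an attachment like the one this entry describes: it opens the zip in memory without extracting anything to disk, flags members whose name ends in an executable extension behind a decoy one (the "possible PO.pdf.exe" pattern) or whose content starts with the PE "MZ" header, hashes each member and the archive with the MD5/SHA1/SHA256 digests MalwareBazaar indexes on, and checks those hashes against the IOC set this entry publishes. The zip it inspects is constructed inline as a stand-in for possible PO.pdf.zip; the real sample is not embedded, so the archive hash will not match the entry's SHA256, and the member size cap is an assumption chosen here as a zip-bomb guard.

```python
import hashlib
import io
import zipfile

# The SHA256 this MalwareBazaar entry publishes for the zip attachment.
PAGE_SHA256 = "4be6330f8de3ceaf55f723debdebb04969e33e2c2752ffe9065ed5831117765b"
KNOWN_IOCS = {PAGE_SHA256: "GuLoader (MalwareBazaar, possible PO.pdf.zip)"}

# Extensions Windows executes on double-click. "possible PO.pdf.exe" ends in one
# of these; the ".pdf" in the middle only serves to mislead the recipient.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".hta", ".wsf"}
MZ_MAGIC = b"MZ"  # DOS header signature that opens every PE file

# Assumed limit: refuse to inflate a single member past this (zip-bomb guard).
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in hex, the digests MalwareBazaar indexes samples by."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def last_extension(name: str) -> str:
    """Lower-cased final extension of a member name, '' if it has none."""
    base = name.lower().rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def is_double_extension(name: str) -> bool:
    """True for names like 'possible PO.pdf.exe': two or more extensions, last one executable."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    return len(parts) >= 3 and "." + parts[-1] in EXECUTABLE_EXTENSIONS


def inspect_zip_attachment(data: bytes) -> list:
    """Inspect every file member in memory; nothing is written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append({"name": info.filename, "skipped": "too large"})
                continue
            member = zf.read(info)
            findings.append({
                "name": info.filename,
                "executable_extension": last_extension(info.filename) in EXECUTABLE_EXTENSIONS,
                "double_extension": is_double_extension(info.filename),
                "pe_magic": member[:2] == MZ_MAGIC,
                "hashes": file_hashes(member),
            })
    return findings


def suspicious_members(findings: list) -> list:
    """Members worth blocking: executable by name, by decoy double extension, or by content."""
    return [f for f in findings
            if f.get("executable_extension") or f.get("double_extension") or f.get("pe_magic")]


def match_iocs(hashes: dict) -> list:
    """Digests from file_hashes() that appear in the entry's IOC set."""
    return [h for h in hashes.values() if h in KNOWN_IOCS]


def build_sample_zip() -> bytes:
    """Constructed stand-in for 'possible PO.pdf.zip' (not the real sample): a single
    member named 'possible PO.pdf.exe' whose content opens with the 'MZ' header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("possible PO.pdf.exe",
                    b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.")
    return buf.getvalue()


if __name__ == "__main__":
    attachment = build_sample_zip()
    print("archive hashes:", file_hashes(attachment))
    print("IOC matches:", match_iocs(file_hashes(attachment)) or "none")
    for f in suspicious_members(inspect_zip_attachment(attachment)):
        print("suspicious member:", f["name"], f["hashes"]["sha256"])
```

Hashing the archive rather than only its members matters here because the entry's SHA256, SHA1 and MD5 are those of the zip itself; the inner "possible PO.pdf.exe" is a separate object with its own digests, and a mail gateway that only hashes extracted members would never match this IOC.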

Comments