MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5437259802368f0276dee5d8b4a377948db73b036776ccb817e74d6d9283a418. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 5437259802368f0276dee5d8b4a377948db73b036776ccb817e74d6d9283a418
SHA3-384 hash: caeab6a4402c1bd5f77020cd861438c54dadda94932a5b125a8fa85261f3fbd736f70f83b03d09b371baff09c6179578
SHA1 hash: ce46b29d02a1432192fc0696f412d3d284ccbb3f
MD5 hash: c8a30c0d417b40a18e42f5dbdbd4e6d9
humanhash: island-idaho-island-louisiana
File name: petronas qt request.zip
Signature: GuLoader
File size: 35,482 bytes
First seen: 2020-06-02 11:12:27 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:TxWvzj8szSc/0P/TmGbLocyJ9NVRvPakS5uEouDs8KfP9CWf3wwGIp:ew0V/8/V/nifRnjS5gu4fP9CWP7
TLSH: 4BF2F12F9537707CA88843D041DC5CDF6B9BE150411A6DB3DA30A19D38A8C99EAC1AFF
Reporter: abuse_ch
Tags: GuLoader zip
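
Before analysing a copy of this sample, confirm it is the file the entry describes: all four digests above must match the attachment bytes. The script below is an added example, not MalwareBazaar's own tooling; the digests and file size are copied from the entry, everything else (function names, the command-line usage) is an assumption. Hash the extracted attachment itself, not any wrapper archive a download arrives in.

```python
import hashlib
import sys

# Digests as listed on the MalwareBazaar entry above for petronas qt request.zip.
LISTED_HASHES = {
    "sha256": "5437259802368f0276dee5d8b4a377948db73b036776ccb817e74d6d9283a418",
    "sha3_384": "caeab6a4402c1bd5f77020cd861438c54dadda94932a5b125a8fa85261f3fbd736f70f83b03d09b371baff09c6179578",
    "sha1": "ce46b29d02a1432192fc0696f412d3d284ccbb3f",
    "md5": "c8a30c0d417b40a18e42f5dbdbd4e6d9",
}

LISTED_SIZE = 35482  # "File size" from the entry, in bytes


def _new_hashers():
    # The four algorithms MalwareBazaar lists; all are in the standard library.
    return {
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
        "sha1": hashlib.sha1(),
        "md5": hashlib.md5(),
    }


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: hex digest} for an in-memory blob."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, streamed from disk so large samples are not read into memory at once."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(computed: dict, listed: dict = LISTED_HASHES) -> dict:
    """Per-algorithm match flags. Case-insensitive; an algorithm missing from
    `computed` counts as a mismatch."""
    return {
        name: computed.get(name, "").lower() == digest.lower()
        for name, digest in listed.items()
    }


def is_listed_sample(computed: dict, listed: dict = LISTED_HASHES) -> bool:
    """True only when every listed digest matches.

    A mismatch on any one algorithm means the bytes are not the file the entry
    describes; the usual cause is hashing the outer wrapper archive the download
    arrives in instead of the extracted attachment.
    """
    return all(compare_digests(computed, listed).values())


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py "petronas qt request.zip"
    digests = hash_file(sys.argv[1])
    for name, ok in compare_digests(digests).items():
        print(f"{name:9s} {'OK      ' if ok else 'MISMATCH'} {digests[name]}")
    sys.exit(0 if is_listed_sample(digests) else 1)
```

The exit status makes the check usable as a gate in an analysis pipeline: a non-zero exit means the file on disk is not sample 5437259802368f02..., and any ssdeep or TLSH comparison against the entry would be meaningless.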


abuse_ch
Malspam distributing GuLoader:

HELO: server.huttprimax.partners
Sending IP: 162.241.215.47
From: Zahira Sughra - petronas <Zahira.zarrinudin@petronas.com>
Reply-To: Petronas Malaysia <petronas@representative.com>
Subject: Fw: Request for Quotations
Attachment: petronas qt request.zip (contains "petronas qt request.exe")

GuLoader payload URL:
http://mexiwoodstudios.com/a1/bindonmaster_EURqj86.bin
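
The header details abuse_ch lists carry the three tells a mail gateway or SOC analyst would key on: the Reply-To domain (representative.com) is not the From domain (petronas.com), the sending host's HELO (huttprimax.partners) is not under the From domain either, and the zip attachment contains an .exe. The script below is an added triage example, not part of the comment or of MalwareBazaar; it parses the indicators as a constructed "Field: value" block copied from the comment above, and its function names, the executable-extension list and the two-label domain rule are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed input: the indicators from the abuse_ch comment above, in the same
# "Field: value" layout used there. Real mail would be parsed from its headers with
# email.parser; this keeps the example self-contained.
MALSPAM_NOTE = """\
HELO: server.huttprimax.partners
Sending IP: 162.241.215.47
From: Zahira Sughra - petronas <Zahira.zarrinudin@petronas.com>
Reply-To: Petronas Malaysia <petronas@representative.com>
Subject: Fw: Request for Quotations
Attachment: petronas qt request.zip (contains "petronas qt request.exe")
GuLoader payload URL: http://mexiwoodstudios.com/a1/bindonmaster_EURqj86.bin
"""

# Assumed list: extensions Windows runs directly when double-clicked out of an archive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf"}

_ANGLE_ADDR = re.compile(r"<([^>]+)>")
_QUOTED = re.compile(r'"([^"]+)"')


def parse_fields(text: str) -> dict:
    """Split 'Field: value' lines into a dict keyed by the lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def address_domain(header_value: str) -> str:
    """Domain of the address in a From/Reply-To value ('Name <user@host>' or bare 'user@host')."""
    m = _ANGLE_ADDR.search(header_value)
    addr = m.group(1) if m else header_value.strip()
    return addr.rsplit("@", 1)[-1].lower()


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Simplifying assumption: a production tool would
    consult the Public Suffix List, since e.g. 'example.co.uk' needs three labels."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def triage(text: str) -> tuple:
    """Return (findings, iocs) for one malspam description."""
    f = parse_fields(text)
    findings = []

    from_domain = address_domain(f["from"]) if "from" in f else ""
    reply_domain = address_domain(f["reply-to"]) if "reply-to" in f else ""
    helo = f.get("helo", "")

    # Reply-To on a different domain than From: the victim's reply (and quotation)
    # goes to the attacker's mailbox, not to the impersonated company.
    if reply_domain and from_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # Sending host not under the From domain. Weak on its own (third-party mailers
    # are legitimate), but it corroborates the Reply-To mismatch.
    if helo and from_domain and registrable_domain(helo) != registrable_domain(from_domain):
        findings.append(f"HELO {helo} is not under the From domain {from_domain}")

    # Archive attachments whose listed contents are directly executable.
    attachment = f.get("attachment", "")
    for inner in _QUOTED.findall(attachment):
        ext = ("." + inner.rsplit(".", 1)[-1].lower()) if "." in inner else ""
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"archive attachment contains executable: {inner}")

    payload_url = f.get("guloader payload url", "")
    iocs = {
        "sending_ip": f.get("sending ip", ""),
        "helo": helo,
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "attachment_name": attachment.split(" (", 1)[0],
        "payload_url": payload_url,
        "payload_host": urlparse(payload_url).hostname or "",
    }
    return findings, iocs


if __name__ == "__main__":
    found, indicators = triage(MALSPAM_NOTE)
    for line in found:
        print("FINDING:", line)
    for key, value in indicators.items():
        print(f"{key:16s} {value}")
```

Run against the block above it reports all three findings and yields the sending IP, HELO host, attachment name and payload host as blockable indicators. The HELO check is deliberately a corroborating signal only; on its own it would flag every legitimate mailing-list or CRM sender.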

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 20:18:00 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 2/5

Please note that a VirusTotal coverage score is no longer provided.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain:
  Malspam
    -> GuLoader
      -> zip 5437259802368f0276dee5d8b4a377948db73b036776ccb817e74d6d9283a418 (this sample)
        -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment