MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58a0aeda6764bdb119f336d823c740c2b8950acd7073d42bf79cdae3ce1cd07e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	58a0aeda6764bdb119f336d823c740c2b8950acd7073d42bf79cdae3ce1cd07e
SHA3-384 hash:	25c92df2dfb92d6322a5c4be4da565a02e5bbf1ecb69aed41890270478f3d37e55402c03e6f94332f7f50276ff1e7783
SHA1 hash:	9e0703c55d82fc6242e1cb61a10e17d8f1db9377
MD5 hash:	4c0652b8bd7a5e189958dd3373a2c155
humanhash:	march-illinois-black-cup
File name:	Order _2020982_.zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	47'651 bytes
First seen:	2020-06-08 12:12:10 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	768:0/ZTnzCM+hUpkiohciag1QpOlLlvCNiYuRpskJl6xZDS+CpH1DlA8oXaXGu/5iTr:QTnzCbykio+iapOlLoFiskJlSZO+aVD2
TLSH	8D23F103EF9D9AB4C32C49E62C8547E6F8679F99511E20900C2FD2D7EF6E4F18657A40
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: mail.huclangia.ga
Sending IP: 64.52.172.242
From: Nadeemi Trading Co. <ubacen@huclangia.ga>
Subject: Fw: Request to Submit PO Acknowledgment for New Purchase Order 2020982
Attachment: Order _2020982_.zip (contains "Duckwifechio1.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1IY0MbGZwCNIl99oNc0IFSARZOGuSi7pe