MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58bf63161b6f32774556277d7623dafccad86c583a66c2929e611cc1b3b2cacf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 58bf63161b6f32774556277d7623dafccad86c583a66c2929e611cc1b3b2cacf
SHA3-384 hash: 8dc627d9ccbb68f96da9198b877775d3eb3f1b6edff30729703ff75964993f7f067dbd4d31642348d953014a28f74137
SHA1 hash: df17d93500d8aa700a7b4d72ebfa3fdc268df1ff
MD5 hash: a51cd30147cae5a8d138d19a67a57fd1
humanhash: oklahoma-edward-colorado-chicken
File name: Orders Documents FOr SHipment CAT01062020_zip.arj
Download: download sample
Signature: GuLoader
File size: 39'076 bytes
First seen: 2020-06-03 13:07:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:iqtBYi3iOtwzstdp9Pwi5y2l8NzokQwPi03OxBdVgMtOQQ4f8Mjz4:9t3yPzs7nCNckQA3OxBJtGE8MjU
TLSH: 9E030261347DF5D202F1E072DE430A246B0446A877F8F2FBE48938D4625EA48D98FEE1
Reporter: abuse_ch
Tags: arj GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: flawless.herosite.pro
Sending IP: 103.212.121.73
From: delivery@kia-pde.com
Subject: Re: REQUEST 2
Attachment: Orders Documents FOr SHipment CAT01062020_zip.arj (contains "Orders Documents FOr SHipment CAT01062020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1u9ErXh9OiRdBT3sf438v0LhFn6-CsRFf

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 13:37:33 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 58bf63161b6f32774556277d7623dafccad86c583a66c2929e611cc1b3b2cacf (this sample)

Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments