MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5980a42c4d6b65c5f0ddf5fe620ef09bffec35c1f5ddf7b57f9b2c1c979f6af1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 5980a42c4d6b65c5f0ddf5fe620ef09bffec35c1f5ddf7b57f9b2c1c979f6af1
SHA3-384 hash: 3eb8f4f64d34df331314a0aad47a9d5ad8b19240a31be19a1e14f812e87287620c7076885fff1721ce6d0f5d7413ddca
SHA1 hash: 9c6541b78eff28499ba92426ff065caeaa16276e
MD5 hash: 385b1b633b2aff43b7a92a802855c19c
humanhash: sweet-carolina-mississippi-five
File name: Specification materials.gz
Signature: GuLoader
File size: 32'215 bytes
First seen: 2020-05-25 13:40:58 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:HdgWY3zLsU20dNex6oX2Ea1Hhq7c357LFox:9Zezpx86oX2EEhJLox
TLSH: 43E2E1F9BE82DFF15914E92F60A4CE012342DEA8F1BA6DC9E7FF25201894465D24D50F
Reporter: abuse_ch
Tags: GuLoader gz

abuse_ch
Malspam distributing GuLoader:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: tiemchan@technoplast.co.th
Reply-To: tiemchan@technoplast.co.th
Subject: Purchase order
Attachment: Specification materials.gz (contains "File.scr")

GuLoader payload URL:
http://creativewg.com/feedbackV4_WDSZwNs135.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 14:33:52 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, gz 5980a42c4d6b65c5f0ddf5fe620ef09bffec35c1f5ddf7b57f9b2c1c979f6af1 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments