MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5acdbf474d5ba6e5efc471bcab0791b8de9413cb442c6a2c775166d85184d64e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	5acdbf474d5ba6e5efc471bcab0791b8de9413cb442c6a2c775166d85184d64e
SHA3-384 hash:	f17f283c74423e4f4da4cd35b37521b9b8d271e92d6f13249c93c0f1a00d15b0732a31422d501420905ccd04f979af7f
SHA1 hash:	5320c69d562d3c18f5294d329376487e22f31797
MD5 hash:	0ac3d65ebab27fe36365d82a789faf37
humanhash:	edward-india-romeo-stream
File name:	Purchase Order.img
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	1'245'184 bytes
First seen:	2020-06-03 13:32:21 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	1536:nKSPfxV40l9TeyzyXXIoYeqkxfkgrKHxLdGKc+o0FDHdZ1gIV7H07rbmF1+I4FC:n7PXlBeXXIoYeDKVdhjFD9zh+XbFC
TLSH	5E455803EE4C4A53D1104BBE2D564E79BB1DAD1D18405BEF743E7E9A5F312422DAB20E
Reporter	abuse_ch
Tags:	GuLoader img

abuse_ch

Malspam distributing GuLoader:

HELO: teyseer-services.com
Sending IP: 104.168.141.201
From: Khadirulla Shariff <khadirulla.shariff@teyseer-services.com>
Reply-To: Khadirulla Shariff <khadirulla.shariff@teyseer-services.com>
Subject: Purchase Order
Attachment: Purchase Order.img (contains "Purchase Order.exe")

GuLoader payload URL:
http://192.119.64.226/ccv.bin