MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2682648e991ab1d7f3e4595353eb8668f95f71fc37af3575c3731613c1201e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 4 Yara Comments

SHA256 hash: 5b2682648e991ab1d7f3e4595353eb8668f95f71fc37af3575c3731613c1201e
SHA1 hash: d7a25aa5db5791afa4bd8e45ee37147f88460eed
MD5 hash: 597c3a1abd01bf5a0f50412a405df134
File name:Drilnin.exe
Download: download sample
Signature GuLoader
File size:90'112 bytes
First seen:2020-05-22 10:16:21 UTC
Last seen:2020-05-22 10:52:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b0da6c1de945a710ef5ef13e4b8e91c
ssdeep 768:yAfFuiIy2H11dIEbCCx3+WEkpLSeZV7ljpBHm3QTYd1j5QVKycpLrQqG:1fFuIUxOIpLSeH7hpNm3QmLro
TLSH 68931A25B6D8EDA5C9018EB15E21869A12EFAC381D1C4F0B38CE7F1C34765D2BC6175E
Reporter @abuse_ch
Tags:exe GuLoader

Malspam distributing GuLoader:

Sending IP:
From: Jason Bourne <>
Subject: FWD:Final PI for remittance
Attachment: Drilnin.rar (contains "Drilnin.exe")

GuLoader payload URL:


Mail intelligence
Trap location Impact
Global Low
# of uploads 2
# of downloads 24
Origin country US US
VirusTotal:Virustotal results 34.72%
ReversingLabs :No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 5b2682648e991ab1d7f3e4595353eb8668f95f71fc37af3575c3731613c1201e

(this sample)

Delivery method
Distributed via e-mail attachment