MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5c7a5f100c448c73f23093943867199922838731c72f8fed55d3554104cc76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: 5d5c7a5f100c448c73f23093943867199922838731c72f8fed55d3554104cc76
SHA3-384 hash: b6bf3b3939f18f308f039119aa73bbe72c9e7c388cb676eba34ec6823d90fd397e483b86ac7d42461bff62ad7dd60383
SHA1 hash: 73ff7c138bb356809aa16912908f83814dea0dc6
MD5 hash: f8d84a845b5b78f36c9f370f8abc04c6
humanhash: virginia-virginia-utah-september
File name: Amazon_Order_ConfirmationOR54389L4GT.xz
Signature: GuLoader
File size: 32'244 bytes
First seen: 2021-03-05 13:02:27 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 768:x/fItdAgFUv1rL/KnqLdH0RUBsqfTcy46p98J0pid6T2sHYpaIUUI:xo4d1H/xLJ0E7fTcy78QiX8IlI
TLSH: E5E2E1B45608F2D2A70DD79FAD11CB98A73656B1DD70C631FC6730984B00FA6A77AD02
Reporter: abuse_ch
Tags: GuLoader xz


abuse_ch
Malspam distributing GuLoader:

HELO: ns1.sequeirainc.pw
Sending IP: 104.168.218.111
From: Amazon Pay <jkr@sequeirainc.pw>
Subject: Thank You For Your Order | Order #174269 | Track your package here
Attachment: Amazon_Order_ConfirmationOR54389L4GT.xz (contains "Amazon_Order_Confirmation#OR54389L4GT.exe")

GuLoader payload URL:
https://owapetry-71.tk/admin/vzYavUNZN201.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 253
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Midie
Status: Malicious
First seen: 2021-03-05 13:03:09 UTC
AV detection: 13 of 47 (27.66%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
xz 5d5c7a5f100c448c73f23093943867199922838731c72f8fed55d3554104cc76 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
