MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d6deba936c2f1b02bbe7a52ea4903d81161f721b284bf58b27e4381c443ac26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3

SHA256 hash: 5d6deba936c2f1b02bbe7a52ea4903d81161f721b284bf58b27e4381c443ac26
SHA3-384 hash: fabf438fc01e782892f34e9c9d9c98a1358769798ceb6471c85c72db85e9362bff0885c7d651965535ae7b9a33bbd153
SHA1 hash: fba113ccff7756ce6fd49bd1b578b11eec7bbb6f
MD5 hash: 0e7d76344863ed9af60e026ee2fbd358
humanhash: sink-sierra-lemon-alaska
File name: Final invoice.zip
Signature: GuLoader
File size: 38'659 bytes
First seen: 2020-06-02 11:17:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:PY0r6pn/hftEfVmAgSTeyut8XXrtCqtcD1jIrdJ4AGb77uUasJBgD:PY0a/hYmAgSKyQ8XXzyDVIBJ4AGbHccS
TLSH: E903F16C00B72403CF653DA4FD3E26621C0ACFAB6A5526EF5303B6CEE444AC8AF61955
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Cliodhna Betts <Cliodhna.Betts@randox.com>
Subject: Fwd: BALANCE PAYMENT
Attachment: Final invoice.zip (contains "Final invoice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11vnWMRb7HPmBuO6Gphh2q-mg5Ha9hkc_

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 18:41:00 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 5d6deba936c2f1b02bbe7a52ea4903d81161f721b284bf58b27e4381c443ac26 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
