MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d968997f743fcfc18d510e467354c82f0b6c4521f2dc7398f692dd1a1245ce0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5d968997f743fcfc18d510e467354c82f0b6c4521f2dc7398f692dd1a1245ce0
SHA1 hash: 9a0f0c5c96a0caf201c7191bb8d681f9f29b420b
MD5 hash: 71c577316b85fa3975134846e69b358d
File name: Rechnung.zip
Signature: GuLoader
File size: 27'188 bytes
First seen: 2020-05-22 15:05:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:j263Cjw51wyA6B0GyI73mxhaLKWPIXA/70tr/A5h2T:zuwnkhw2zaLFPcA/70t0S
TLSH: 3FC2E0BA6988B9F3C424FBF0F2E5164E5D48D3EB142460C33C919CD9BAC516A3D99172
Reporter: @abuse_ch
Tags: GuLoader zip


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: df-email-1.easy11.de
Sending IP: 134.119.8.69
From: DKV EURO SERVICE GmbH + Co. KG <warth@lieferanten-marktplatz.de>
Subject: AW: AW:Payment and Order Confirmation 29-04-20 INVOICE_20-613129926-001
Attachment: Rechnung.zip (contains "Agrio.exe")

GuLoader payload URL:
http://156.96.118.179/RAW-4-DAVdx_xtLnf95.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: 12.31% of engines flag the sample

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain: Malspam -> GuLoader -> zip 5d968997f743fcfc18d510e467354c82f0b6c4521f2dc7398f692dd1a1245ce0 (this sample) -> Dropping GuLoader

Delivery method: Distributed via e-mail attachment
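As an added triage example (not part of this MalwareBazaar entry and not abuse.ch tooling): a Python script that first checks an attachment against the three hashes listed in the entry and, when there is no exact hit, unpacks the zip to flag the lure shape reported in the tweet, an archive wrapping an .exe. The real Rechnung.zip would match by hash; a repacked or slightly modified variant would not, which is why the structural check matters. The zip contents below are constructed: the member name Agrio.exe comes from the tweet, its bytes and the benign control file are assumptions.

```python
import hashlib
import io
import zipfile

# Hashes of Rechnung.zip as listed in this MalwareBazaar entry.
KNOWN_HASHES = {
    "5d968997f743fcfc18d510e467354c82f0b6c4521f2dc7398f692dd1a1245ce0",  # SHA256
    "9a0f0c5c96a0caf201c7191bb8d681f9f29b420b",                          # SHA1
    "71c577316b85fa3975134846e69b358d",                                  # MD5
}

# Member suffixes that should never arrive inside an "invoice" attachment.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".dll",
                       ".bat", ".cmd", ".js", ".jse", ".vbs", ".hta")


def file_hashes(data: bytes) -> dict:
    """SHA256/SHA1/MD5 of the attachment, in the forms MalwareBazaar indexes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def inspect_zip_attachment(data: bytes) -> dict:
    """Triage an attachment: exact-hash IOC match first, then archive structure."""
    hashes = file_hashes(data)
    report = {
        "hashes": hashes,
        "hash_match": any(h in KNOWN_HASHES for h in hashes.values()),
        "members": [],
        "verdict": "clean",
    }
    if report["hash_match"]:
        report["verdict"] = "known_malicious"      # exact IOC hit, no need to unpack
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        report["verdict"] = "not_zip"
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # bit 0 = PKZIP encryption
            head = b""
            if not encrypted:                        # reading an encrypted member without a password raises
                with zf.open(info) as fh:
                    head = fh.read(2)
            report["members"].append({
                "name": info.filename,
                "size": info.file_size,
                "exec_suffix": info.filename.lower().endswith(EXECUTABLE_SUFFIXES),
                "pe_magic": head == b"MZ",           # DOS/PE header, whatever the name says
                "encrypted": encrypted,
            })
    if any(m["exec_suffix"] or m["pe_magic"] for m in report["members"]):
        report["verdict"] = "executable_in_archive"
    elif any(m["encrypted"] for m in report["members"]):
        report["verdict"] = "encrypted_archive"      # cannot inspect; escalate to a sandbox
    return report


def build_constructed_zip(member_name: str, content: bytes) -> bytes:
    """Constructed test input; the real Rechnung.zip bytes are not on the page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, content)
    return buf.getvalue()


def demo() -> dict:
    """Run the lure shape from the tweet (zip wrapping an .exe), a benign control, and a raw PE."""
    lure = build_constructed_zip("Agrio.exe", b"MZ" + b"\x00" * 62)      # assumed PE stub
    benign = build_constructed_zip("Rechnung.pdf", b"%PDF-1.4\n")         # assumed benign file
    return {
        "lure": inspect_zip_attachment(lure)["verdict"],
        "benign": inspect_zip_attachment(benign)["verdict"],
        "raw": inspect_zip_attachment(b"MZ" + b"\x00" * 62)["verdict"],
    }


if __name__ == "__main__":
    print(demo())
```

The hash lookup is the cheap, exact path and is what a MalwareBazaar query answers; the member checks (suffix, MZ magic, encryption flag) are what catches the same campaign after the actor rebuilds the archive, and an encrypted archive is deliberately escalated rather than passed because nothing inside it could be inspected.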

Comments