MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499
SHA1 hash: 09981f019fb35b9216577165471ab1e04d1fd30d
MD5 hash: 3ca0f81d598b3e10d7356531cbedbf48
File name: PAYMENT INSTRUCTIONS COPY.gz
Signature: GuLoader
File size: 23'885 bytes
First seen: 2020-05-22 15:03:42 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:Rr0s/a0/vRH0sMltoUuu5unTa75gbv+s2BZuZrz2g+41I1Hn+JeprxwrnZzkG4hw:il+HglDuquUiGmZegb1IxwkONND
TLSH: D8B2F1FB5F18955CB1AF9A3F830450EDDA7DEB1234F52D598402C03428B9672775AE11
Reporter: @abuse_ch
Tags: GuLoader, gz


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: ss0109.hostingcare.net
Sending IP: 138.128.162.42
From: Faye Segal <info@drivus-industry.com>
Reply-To: ukcompany20@yahoo.com
Subject: RE: PAYMENT INSTRUCTIONS
Attachment: PAYMENT INSTRUCTIONS COPY.gz (contains "PAYMENT INSTRUCTIONS COPY.scr")

GuLoader payload URL:
http://creativewg.com/baby_zLlTwqAf177.bin

Intelligence


Mail intelligence:
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: No detection
VirusTotal results: 15.25%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 60d73d403158b2d410a20a399b55983504489e5b3b85ef4ce4f3fd0cc1cc0499 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
