MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6323f716f78e656da12fad2a6ce9f43437c5e3bde435ae7afa1e0ad4d1245665. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 6323f716f78e656da12fad2a6ce9f43437c5e3bde435ae7afa1e0ad4d1245665
SHA3-384 hash: b0c56b062ffb759aa15b43dd7ed70deb7871f94468bb6bdee5801aa11b22ef17dddd378b6f917cc9d24683e55369f981
SHA1 hash: f8552ee1bd05e4cf17fa759b98f517c142042372
MD5 hash: cb1548905370762ff38c7462d52deb37
humanhash: spaghetti-four-oven-yankee
File name: Scan0001.pdf.z
Signature: GuLoader
File size: 24'447 bytes
First seen: 2020-05-28 13:52:11 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:Q2rKjgbMnGUJEtB+jqBOYPc9bJ+zRxbDR0Kzwn9DjAVMhfH0X+7fjUXb:Q2sMUmCjbObDq6OAVMmQQr
TLSH: 8AB2E0A60B07C46163A7FEAAEFB4F51CF8EF018D011E41B614B027E199F1CE87A86549
Reporter: abuse_ch
Tags: GuLoader z


abuse_ch
Malspam distributing GuLoader:

From: Salil Johory <dipak@graetfoodgroup.com>
Subject: Re: Wire Transfer Confirmation 100261804
Attachment: Scan0001.pdf.z (contains "komm.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-05-28 14:36:05 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  zip 6323f716f78e656da12fad2a6ce9f43437c5e3bde435ae7afa1e0ad4d1245665 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments