MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63d2b3a17ef4677229f044fab8ddb0380a2c1b42d28e793793ae43fae9285f55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63d2b3a17ef4677229f044fab8ddb0380a2c1b42d28e793793ae43fae9285f55
SHA3-384 hash: 73077d531d50388ad5e29533a50e4625e0465bdbcd57082164dedf253fc67b9636c9854e4af202430d1462d9d4ab6ead
SHA1 hash: 29e654f65792941bf68d2e4cd2d30e184d5b14ba
MD5 hash: df37865d64e847a733d56082dc6ceaf3
humanhash: eighteen-mike-july-freddie
File name:Logo_Invoice_Myself_pdf.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:689'236 bytes
First seen:2020-08-12 14:38:03 UTC
Last seen:2020-08-12 18:31:50 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:MdzMLjWit7C5VdeUr0Hca+yC6IkprdMMms2KpwbHSkUxWkt8Jtpx9qAVndqfc:MdujF7QHIHcT6/LMMmbHStqJtpLqAZ0U
TLSH 4BE4234FE4DECE49F577863AAE8C30215BC9F8B118DABC6120D587A91F190EC563271C
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: slot0.ricksaezp.com
Sending IP: 104.168.173.112
From: info@ricksaezp.com
Reply-To: info@ricksaezp.com
Subject: Ready now for the Business
Attachment: Logo_Invoice_Myself_pdf.zip (contains "Shipment Invoice.jpg.jpg.jpg.jpg.scr")

GuLoader payload URL:
https://landzro365groupe.com/wp-content/or4/oriyande40_ipHHXO2.bin

Intelligence

File Origin
# of uploads :
3
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Graftor.814706.8559.12308.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/63d2b3a17ef4677229f044fab8ddb0380a2c1b42d28e793793ae43fae9285f55/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 14:39:06 UTC
AV detection:
14 of 47 (29.79%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mpjlhil66rtxekpqit5lrxnqhafcyg2c2khhsn4tvzb7v2jil5kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/63d2b3a17ef4677229f044fab8ddb0380a2c1b42d28e793793ae43fae9285f55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 63d2b3a17ef4677229f044fab8ddb0380a2c1b42d28e793793ae43fae9285f55

(this sample)

GuLoader

Executable exe 545bc37874b09c18f4fcef578eb3f9f3d47673255bbc32bc41986fc4e71f896f

  
URLhaus
https://urlhaus.abuse.ch/url/430485/
  
Dropping
MD5 0cf18e4d1314f04aead5d33dfd97af18
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 545bc37874b09c18f4fcef578eb3f9f3d47673255bbc32bc41986fc4e71f896f
  
Dropping
SHA256 d0d7da6edab70ca763cd813715907daeaafb8f0245a55cf4074446bb218dfd6f
  
Dropping
MD5 cec350665f8caddd2de63975bf5b63fd
  
Dropping
SHA256 6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
  
Dropping
MD5 c289ec525b815c400eb88beb1f459489

Comments