MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 641c5ad07a169032f6971f9c3302bc4aa6eac15fd6942cdcf3d42803cf7de85b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	641c5ad07a169032f6971f9c3302bc4aa6eac15fd6942cdcf3d42803cf7de85b
SHA3-384 hash:	47901dacfec2cfa17acd312ff4bef99a75c8b64753cacd76f24ad0d0b2625b27563f04a9bdf9bc2c37bef5f418020a51
SHA1 hash:	170c1c99a0b63f7015f60cdcd33ad67f89e1910d
MD5 hash:	ef6b01e9a365224554a12b505ecffa6b
humanhash:	eighteen-charlie-hydrogen-august
File name:	Glosebogshadowg.rar
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	20'876 bytes
First seen:	2020-06-10 06:50:18 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	384:xhFbY+JX0HNRn/qrb2FGHfFK5MaX/E3QmsCTe72Gl0XV2IcpRfm3grm1EUQF1DUr:jFP10tRnQiFGNK5MaPIQB2Gi2R9rMjQq
TLSH	DB92D0826FE4E8DBB1912B2197B5E2286886538FC5D93CD118475293F08EC5C646D737
Reporter	abuse_ch
Tags:	GuLoader rar

abuse_ch

Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Nikolas Leon <nikoleon@yuntong-batt.co>
Subject: RE: RE: 7928/PO/GEN/JUNE 2020
Attachment: Glosebogshadowg.rar (contains "Glosebogshadowg.exe")

GuLoader payload URL:
http://111.90.148.217/evaaaa_KaOelOMF53.bin