MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516
SHA1 hash: 35fea90be620cafb6c03df730db9eff5c62d17eb
MD5 hash: 785654c8b2517fcbe112bf04ce92f20e
File name: NEW PURCHASE ORDER_22052020_pdf.arj
Signature: GuLoader
File size: 25'667 bytes
First seen: 2020-05-22 10:14:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:DivjcVAROl/pPmNThEwlZHRU0zaZqt2OJjc5XuQAC9AHLxgfwsaFcINgR7DPQmyU:GqEOl/8NThECHRU02ZEDEA/tF5NUHPL1
TLSH: 06B2E08D2CC1D790D636A936AEA82124C14DEEB02D8C52DF44F968E1C3CCBCE7929659
Reporter: @abuse_ch
Tags: arj GuLoader


Twitter (@abuse_ch)
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: lbbakes@rabdos.co.za
Subject: RE: (Urgent) Vessel_5748- Arrest on court Order
Attachment: NEW PURCHASE ORDER_22052020_pdf.arj (contains "NEW PURCHASE ORDER_22052020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QHr-1JPHjLiZaEeJT-6RGU0abR7Nf5Wb

Intelligence


Mail intelligence
Trap location: Global
Impact: Medium
# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2
        PUA.Win.Packer.ProtectSharewar-3
        Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
VirusTotal results: 15.62%

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    zip 6619464c4f87b94065a75d7f9f33fb63dfc11c7f5251a2d90952ee725393b516 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
