MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: 664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd
SHA3-384 hash: dfad8111a554e6711c9f81dfff027f90d4963aaa22c7fc64e2239d40a8d4298eeacbda6f3b726328d4ac7f76022fa2d8
SHA1 hash: 83ea57fb5893e7a5d28b8640891a58e4d87f370f
MD5 hash: 0560328314e4e57d888d8f0f63ae662d
humanhash: oklahoma-beryllium-wisconsin-mirror
File name: HSBC Bank_ Payment swift copy- TT MT103.rar
Signature: GuLoader
File size: 23'610 bytes
First seen: 2020-05-12 15:54:13 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:hg3rYlvp/FVqCKIfski3s9VR0MGKCr/EuPgsNLdv2wBAm90zQ2OxsRseK/5T:LvNFVqCfsps9VR0MGX/5Pgs7ThqOORXQ
TLSH: 39B2E1B04A166BBB56D7DCEC260968F947D5385E3F083D2695801DC748738D1BCD1BAC
Reporter: abuse_ch
Tags: GuLoader HSBC rar


abuse_ch
Malspam distributing GuLoader:

HELO: mail.pintaras.com.my
Sending IP: 101.99.66.114
From: HSBC BANK Reflex Cash Management ( China )<Shanghai_swift@hsbc.com.cn>
Subject: HSBC Bank Payment swift copy- TT MT103+(REMIT)
Attachment: HSBC Bank_ Payment swift copy- TT MT103.rar (contains "HSBC Bank_ Payment swift copy- TT MT103.exe")
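The entry gives four file digests and, in the reporter's comment, the envelope of the delivering message: sending IP, HELO name, spoofed HSBC sender and a .rar that wraps a .exe of the same name. The following is an added example, not code from MalwareBazaar or abuse.ch, that turns those details into triage checks a mail gateway or IR script can run: verify a candidate file against all four digests at once, extract the sender address, flag a HELO host outside the sender's domain, and flag an archive attachment whose extracted member list contains an executable. Only the digests, IP, HELO, sender address, subject and file names are taken from the entry; the mail-record layout, the extension lists and every function name are assumptions made for this example.

```python
"""Triage helpers built around the IOCs on this MalwareBazaar entry (added example)."""
import hashlib
import re

# Digests copied from the entry above (lowercase hex).
SAMPLE_HASHES = {
    "md5": "0560328314e4e57d888d8f0f63ae662d",
    "sha1": "83ea57fb5893e7a5d28b8640891a58e4d87f370f",
    "sha256": "664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd",
    "sha3_384": "dfad8111a554e6711c9f81dfff027f90d4963aaa22c7fc64e2239d40a8d4298eeacbda6f3b726328d4ac7f76022fa2d8",
}

# Envelope details copied from the reporter's comment (address lowercased).
MALSPAM_IOCS = {
    "sending_ip": "101.99.66.114",
    "helo": "mail.pintaras.com.my",
    "from_addr": "shanghai_swift@hsbc.com.cn",
    "attachment": "HSBC Bank_ Payment swift copy- TT MT103.rar",
}

# Assumed extension lists; extend to match local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
ARCHIVE_EXTS = (".rar", ".zip", ".7z", ".iso", ".img")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the entry lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_sample(data: bytes, known: dict = SAMPLE_HASHES) -> bool:
    """True only when every known digest matches.

    Requiring all of them (not MD5 or SHA1 alone) keeps a collision in a
    weak hash from producing a false attribution.
    """
    computed = hash_bytes(data)
    return all(computed[algo] == digest.lower() for algo, digest in known.items())


def sender_address(from_header: str) -> str:
    """Pull the addr-spec out of a From header, ignoring the display name.

    A plain regex is used instead of email.utils.parseaddr so the result is
    predictable for the loosely formatted display name seen in this campaign.
    """
    match = re.search(r"<([^<>\s]+@[^<>\s]+)>", from_header)
    addr = match.group(1) if match else from_header.strip()
    return addr.lower()


def helo_from_mismatch(helo: str, from_addr: str) -> bool:
    """True when the HELO host is not inside the From address's domain.

    Not proof of spoofing by itself (third-party mailers are common), but
    paired with a bank-themed lure it is a strong signal.
    """
    helo = helo.lower().rstrip(".")
    domain = from_addr.rsplit("@", 1)[-1].lower()
    return not (helo == domain or helo.endswith("." + domain))


def archive_hides_executable(archive_name: str, members: list) -> bool:
    """True when an archive attachment carries an executable member.

    `members` is the file list a gateway or sandbox extracted; the lure here
    is a .rar whose only content is a .exe with the same name.
    """
    if not archive_name.lower().endswith(ARCHIVE_EXTS):
        return False
    return any(m.lower().endswith(EXECUTABLE_EXTS) for m in members)


def mail_indicators(record: dict) -> list:
    """Return the names of every indicator a parsed mail record hits.

    `record` is an assumed layout: sending_ip, helo, from (raw header) and
    attachments as a list of {"name": ..., "members": [...]}.
    """
    hits = []
    if record.get("sending_ip") == MALSPAM_IOCS["sending_ip"]:
        hits.append("sending_ip")
    helo = record.get("helo", "")
    if helo.lower() == MALSPAM_IOCS["helo"]:
        hits.append("helo")
    from_addr = sender_address(record.get("from", ""))
    if from_addr == MALSPAM_IOCS["from_addr"]:
        hits.append("from_addr")
    if helo and from_addr and helo_from_mismatch(helo, from_addr):
        hits.append("helo_from_mismatch")
    for att in record.get("attachments", []):
        if att.get("name") == MALSPAM_IOCS["attachment"]:
            hits.append("attachment")
        if archive_hides_executable(att.get("name", ""), att.get("members", [])):
            hits.append("executable_in_archive")
    return hits


# Constructed record reproducing the message the comment above describes.
SAMPLE_RECORD = {
    "sending_ip": "101.99.66.114",
    "helo": "mail.pintaras.com.my",
    "from": "HSBC BANK Reflex Cash Management ( China )<Shanghai_swift@hsbc.com.cn>",
    "subject": "HSBC Bank Payment swift copy- TT MT103+(REMIT)",
    "attachments": [{
        "name": "HSBC Bank_ Payment swift copy- TT MT103.rar",
        "members": ["HSBC Bank_ Payment swift copy- TT MT103.exe"],
    }],
}

if __name__ == "__main__":
    print(mail_indicators(SAMPLE_RECORD))
```

The two generic checks (HELO outside the sender domain, executable inside an archive attachment) fire on this message without any of the campaign-specific IOCs, which is what makes them worth keeping after the sending IP and file name have been rotated.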

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 03:06:00 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    GuLoader
        rar 664685df924e282db793573f4988a43c265927bb5268f3d2f608c1dc7426f0cd (this sample)
            Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments