MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 669dfc0ce517b0cb8aa67994e711149ff090adab5ffe2f89bfe2c7c089fbb9df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 669dfc0ce517b0cb8aa67994e711149ff090adab5ffe2f89bfe2c7c089fbb9df
SHA3-384 hash: 8fa83676ab3affceb826a4117e292f8775a423b2343ccf174d692a05dda8b221d566ae78a6c89d1ee3248dde0d222fa9
SHA1 hash: 32d7c1c8123e8ff6e3ff10de1bab76e7e1722629
MD5 hash: bf670de7a34d036c69de3b51bcad11dd
humanhash: mango-romeo-idaho-foxtrot
File name: PO_94335.pdf.zip
Signature: GuLoader
File size: 34'164 bytes
First seen: 2020-05-26 09:03:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:J/fMjyzile92uHTnZX+RFuKB3GGKvTYsPQL:J/3GlsHDZuRFdB2GK1Y
TLSH: 17E2E1ABF7476B61A4BE5549F480658E82EDD82200926C3CED10FE1249ED7F7EC0563D
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: mx.bd-distrbutors.com
Sending IP: 195.231.83.52
From: John <sales@bd-distrbutors.com>
Subject: Purchase Order 4500009762
Attachment: PO_94335.pdf.zip (contains "PO_94335.pdf.bat")

GuLoader payload URL:
https://srv-file18.gofile.io/download/E8d04G/private_me_yFqjqHFn1.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Occamy
Status: Malicious
First seen: 2020-05-26 09:36:57 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
zip 669dfc0ce517b0cb8aa67994e711149ff090adab5ffe2f89bfe2c7c089fbb9df (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments