MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 670db79e36936cf51f3cd3177778df4eb11cd8de79cc13c5273d53841833baa9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: 670db79e36936cf51f3cd3177778df4eb11cd8de79cc13c5273d53841833baa9
SHA3-384 hash: e5dc7ec042f745ccd9650fd7f8b1f22fa6340d9f1455f1d18e944b23efabc4e680c4b625a8d9c5482b80b0217b29893e
SHA1 hash: a0c0dfd84f75206daa9ac34200b5887d032eb3e8
MD5 hash: dc6d76c83b9532ad400089ce94f107d2
humanhash: magazine-lima-six-william
File name: Payment details.rar
Signature: GuLoader
File size: 23'634 bytes
First seen: 2020-05-21 08:33:31 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:2kAT8VKGcExWXp6iPMDpv2MkRa1weMwKdbITX+hx2WJRE++cZk69FiYUPSgk2:skgqWXpxPMDpv2MnSeMwKOX+z2WJNpZU
TLSH: 41B2E1F1BADA762C76307F54B07F844E94C48EA6520D8294CB6FD886A74761D06C0FDC
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: control.yourdomain.com
Sending IP: 168.243.232.218
From: Lenito Gonzales <port.jf@r6.dion.ne.jp>
Subject: Re: Customer remittance $85,217.58
Attachment: Payment details.rar (contains "Payment details.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1cZQVOyqZ1CMgMpV4pMvJlAYyqWL8AURP

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 08:36:19 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader -> rar 670db79e36936cf51f3cd3177778df4eb11cd8de79cc13c5273d53841833baa9 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments