MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67e898a336538d1dc3e285c566a86ae2f832fb3f34759e5d5b2b641429708219. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 67e898a336538d1dc3e285c566a86ae2f832fb3f34759e5d5b2b641429708219
SHA3-384 hash: 33fbe115f1a60f37ca76ab595ab657de83a32a7ca06ba0c0c69b14c68077024fa09b7d2bd97c939e3b82ac315108089b
SHA1 hash: 9e6bffd18df862c58e05145ff2edafe764a03660
MD5 hash: f2551a5df341f051dbef81c9850b0591
humanhash: failed-coffee-mirror-seven
File name: Scan00021_PDF.zip
Signature: GuLoader
File size: 48'767 bytes
First seen: 2020-06-08 15:30:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:h8nVtKg1Je1i0g8brRSih7n/PTLBZnUasP5ZzIWk8uPjKimyzN09L6zsz07wberm:3wmLbfVnBZUag5N16eh9AADi0d
TLSH: 7C23F2B1021B93878662066591EBD63BFC970BD94D002D855C8528FFEA2CE05876FFD6
Reporter: abuse_ch
Tags: GuLoader, zip


abuse_ch
Malspam distributing GuLoader:

HELO: maya.hosting-mexico.net
Sending IP: 67.217.34.58
From: Mónica Yanchapaxi <lbenmamar@technisangles.fr>
Subject: IMP. 079/2020 - SWIFT PAYMENT NESHIN SPINNING CO. LTD(amount USD 46.933,27)
Attachment: Scan00021_PDF.zip (contains "Scan00021_PDF.com")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QvkllL0euYpSoEkXaGJdrPUc4tKfV31D

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-08 15:32:05 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 67e898a336538d1dc3e285c566a86ae2f832fb3f34759e5d5b2b641429708219 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
