MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 690a0e008b5610b1dca0def0094817689a7d506eb397662db11644867528d969. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 690a0e008b5610b1dca0def0094817689a7d506eb397662db11644867528d969
SHA3-384 hash: e038ef6f4555ccee81064cbea93e171f20f83fef2ad10897d054ac2d736688d58b1a4b587645d30cd4c7deb7265bf7d7
SHA1 hash: ab96e2c1bdf41944f40c36b4b53df3fbc58c0faf
MD5 hash: ab21e5b6c3fed30e54eda5f2efa85fdd
humanhash: bakerloo-juliet-queen-mexico
File name: QuotationRequst0882020.zip
Signature: GuLoader
File size: 34'450 bytes
First seen: 2020-05-26 08:56:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Hncu1iwOle/Stv+PtW13uLxGwptCTPEQrJMdafQT:HcBlegm1WRuNGOs8sMMQT
TLSH: 26F2F18F01840803D03378FE9FAB6D4655863616C7AAB7BC86116BB89DE9D1CDB04CD7
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: advantec-japan.co.jp
Sending IP: 160.20.147.182
From: Noli Ramos Calimlim(カリムリム ノーリ ラモス)<n.calimlem@advantec-japan.co.jp>
Subject: quest for Quotation (Targets and Evaporation Materials) and Manufacturing Details
Attachment: QuotationRequst0882020.zip (contains "QuotationRequst#0882020.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=46B98FE6F0D79519&resid=46B98FE6F0D79519%211842&authkey=ANcfRm-0LjxFJQY

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2020-05-26 09:36:57 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 690a0e008b5610b1dca0def0094817689a7d506eb397662db11644867528d969

(this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments