MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6acadb0b042b08daf2b0b372641cf28f4ed48120ab6392d930a79724bb440cbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 6acadb0b042b08daf2b0b372641cf28f4ed48120ab6392d930a79724bb440cbb
SHA3-384 hash: eafe03d4388eb3d61bcb7e01ce63bd91abb425c5470872035ca00ed404a412a381111b7cf16beb16ae97b960c42b8cd4
SHA1 hash: 8f96b997ea7dc89362fe042ce3db2cabd56adb8b
MD5 hash: 2d06ffee4491ab2a51cd1e15b7806706
humanhash: mississippi-massachusetts-red-juliet
File name: TV7801-19Kpcs_doc.rar
Signature: GuLoader
File size: 26'704 bytes
First seen: 2020-05-21 08:53:07 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:Qx8VitaZrKxqLrDxiWfAeZ38fQum8Y84NXDcwof8rmwboYLbpCISq0/B4fpw:Q+kjsLIWfnUQhIwoEDHJlW/B4hw
TLSH: 49C2E09CE4CD1BFEA74159A03F1003BDAA73E17FB9CD72E8402B41E65A567B20918B42
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: cloudserver015062.home.pl
Sending IP: 62.129.219.76
From: Sarah Bells <czby89@czbyie.com>
Subject: RE: PK4582-20
Attachment: TV7801-19Kpcs_doc.rar (contains "TV7801-19Kpcs_doc.scr")

GuLoader payload URL:
http://azureautomation.co.uk/NonsoLoader_VHLEWvfA1.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 09:36:27 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
rar 6acadb0b042b08daf2b0b372641cf28f4ed48120ab6392d930a79724bb440cbb (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments