MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fedd1bd55d8317b9a36456cb540410b92bb09df6a7a383d3113a0ad76a74570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 6fedd1bd55d8317b9a36456cb540410b92bb09df6a7a383d3113a0ad76a74570
SHA3-384 hash: 6b3fa0567f385a510f24a31a5e447fb99dd697abc875427924e8c086d3987d3e1d23e7d805618fed5a0623f48a4be759
SHA1 hash: d8e4f8075391d576029db9b358380620556aca85
MD5 hash: f430fb086e1115a1824d19f573bb7292
humanhash: cold-edward-vegan-snake
File name: RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.rar
Signature: GuLoader
File size: 25'248 bytes
First seen: 2020-05-21 10:30:05 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:eDAvFpY6e99T9BQN6JX77CDn09Svklmuu6kczuatoBNmmDPDqTJah3vBt1h3M:UAvFpwTDQgQsIPECaymuDF3jzM
TLSH: 4BB2D0B662677AD827857C0006D6ABF466ED50D8F88D27044FC4BC18D5B9BBA343984D
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: mail.siniormaintl.ml
Sending IP: 46.21.147.237
From: Total Credit Management Services Ltd. <inquiry@totalcredit.hk>
Subject: RFQ For Fertilizer and farming equipment supply//EQ/2020/521/SG-630010766
Attachment: RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.rar (contains "RFQ For Fertilizer and farming equipment supplyEQ2020521SG-630010766.exe")

GuLoader payload URL:
https://qif.ac.ke/anyii_DbAFfSTiIS190.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-21 10:36:59 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> GuLoader
    -> rar 6fedd1bd55d8317b9a36456cb540410b92bb09df6a7a383d3113a0ad76a74570 (this sample)
      -> Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments