MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 704b4665017734fe8993ecdc3db4fe986d0c4d5fe54a20a839c24ae1f8033f96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 704b4665017734fe8993ecdc3db4fe986d0c4d5fe54a20a839c24ae1f8033f96
SHA3-384 hash: d16fddb9f7c81014ac6e2a57a2b4e64a96f399e21fc9e584edf617a61afebfa5030779b634c2d924f221f7af01dd3723
SHA1 hash: c29824d594c042a1b71223d1852b8ffdb3c282a9
MD5 hash: fd9f3f0a84816b9d43a46eefed017f70
humanhash: one-sierra-glucose-alanine
File name:swift.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:22'030 bytes
First seen:2020-06-08 14:48:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:tJk1nQxrv9EQnxDN0G3c5N4FDQvOgMZLKT1plnUqF/6HCtWIGfM/XYC:tJk1nQ19tZN0GW6KvOg8LYplUqFiHCs6
TLSH B0A2D02CEF2501C8E3A4E1F2FBB91E6D5575CA20B542A57D2654FC23868A93FDF06384
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ap.applightby.live
Sending IP: 45.95.171.246
From: Caspi Group LLC <info@applightby.live>
Reply-To: info@applightby.live
Subject: Fwd: SWIFT Ödənişləri
Attachment: swift.zip (contains "Bortlovedethrawedcomp.scr")

GuLoader payload URL:
https://rocketstore.pt/A/bin_hePKNxjr241.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 14:50:07 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=obfumzibo42p5cmt5tod3nh6tbwqytk74vfcbkbzyjfod6adh6la._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 704b4665017734fe8993ecdc3db4fe986d0c4d5fe54a20a839c24ae1f8033f96

(this sample)

GuLoader

Executable exe f369e30fd81082121a647df35059bef5bec1195fb240ca1b622ebcce75a4bacb

  
URLhaus
https://urlhaus.abuse.ch/url/383219/
  
Dropping
MD5 c59d40ea8891a1bd9b89e1235ec6af62
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f369e30fd81082121a647df35059bef5bec1195fb240ca1b622ebcce75a4bacb

Comments