MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70a8e4ef9d23acf3bdf6279ffb37d6eb91e833c32709ef1b690b0d695148ee28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 70a8e4ef9d23acf3bdf6279ffb37d6eb91e833c32709ef1b690b0d695148ee28
SHA3-384 hash: 2f353b9f0c34e4176828ba6a7a9014f6776fab2a7c1e73664e8a9d7315380c9a650be418b36e773e9a6e649cc64cd2e3
SHA1 hash: c1da43ca45bf4e5cb1e570c4d699ef2536dfd3fc
MD5 hash: 47e88e9247a6207160f7436b59f28b35
humanhash: delta-alanine-georgia-tango
File name: picture of goods.rar
Signature: GuLoader
File size: 25'587 bytes
First seen: 2020-06-01 10:50:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:NosaNEFO/APqzuhyZTFT+gqjB1oy98m/wb:NosK4Zkp+ei8ms
TLSH: 42B2F2D36DD14AE08152EEE0814E36C18BD986CAC5B6003CED9D08E03BB14D95ADBE7D
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

From: "Sales Engineer" <user@t-online.de>
Subject: Re:picture of goods we will like to order from you.
Attachment: picture of goods.rar (contains "picture of goods.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1kN4VPo1_RNFEQ4TY3qu5ofOp5npfsV0o

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Frs
Status: Malicious
First seen: 2020-06-01 11:35:37 UTC
AV detection: 17 of 47 (36.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: rar 70a8e4ef9d23acf3bdf6279ffb37d6eb91e833c32709ef1b690b0d695148ee28 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments