MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76e58ef3bd7ac087d01c5bd0b9983fe2725617c1459e4b37eea9f364209fd09c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3


SHA256 hash: 76e58ef3bd7ac087d01c5bd0b9983fe2725617c1459e4b37eea9f364209fd09c
SHA3-384 hash: 20de071caec660ef34df6c8d21adbc11078cac8b20a5fc77e1261551e38951bc3f803b8d6b322f21b8d0dd4e3b3d33c6
SHA1 hash: ab7dee7de66346d32910c2a400c38f132e229e79
MD5 hash: 1545f6ebde8dda9cf8d9085a2b6195c1
humanhash: jupiter-robin-golf-cat
File name: PO200325042-0326.z
Signature: GuLoader
File size: 43'487 bytes
First seen: 2020-06-02 11:16:46 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:GjAsIDM2278J2dNIgJekSJb8E47ujcv04R95I6iYkJkcBKUo:Ts6PBJ2dfJqyOg0kE6vmbo
TLSH: 6413F1D9C57AFF88A6C4B64C08A9C0AE54B76CF8849954CE135700DEEC2BBC12B8B4D5
Reporter: abuse_ch
Tags: GuLoader, z


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: server0.intouchsport.net
Sending IP: 192.119.111.82
From: lucyxie <info@intouchsport.net>
Subject: new order list
Attachment: PO200325042-0326.z (contains "PO200325042-0326.exe")

GuLoader payload URL:
http://188.165.89.101/office_LRvjLh214.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-06-02 11:37:25 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
  z 76e58ef3bd7ac087d01c5bd0b9983fe2725617c1459e4b37eea9f364209fd09c (this sample)

Dropping
  GuLoader

Delivery method: Distributed via e-mail attachment

Comments