MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79f4f8fbb3fff6f470ee277e8037b63927ed40ec98bbe7148f8644d5e3f12842. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 79f4f8fbb3fff6f470ee277e8037b63927ed40ec98bbe7148f8644d5e3f12842
SHA3-384 hash: 65c4d403e21827ddf52ae0006b5cf366ae2950297ab03d1a0eba02b3dec81b96598866f0b4902131fabbe1392ca8c637
SHA1 hash: a7ca92183cf9c253b3599af982edd57359f054a6
MD5 hash: 010e996b055dc5831058940352bd5827
humanhash: saturn-zulu-queen-timing
File name: NEW INQUIRY MAY-2020_pdf.rar
Signature: GuLoader
File size: 1'692'523 bytes
First seen: 2020-05-12 16:18:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:lCVIqtazKLlYYeJOySXC89nUMW5Rkk07Dor:lRKBuYuS9Uh5akdr
TLSH: 9F75331E11924F2F8A53B1D98F8B131EBF0EF42B1AE101AF94DA0AE96C109CD751D797
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: 45-138-132-30.derakhshanrah.com
Sending IP: 45.138.132.30
From: Wang Tan <sales@gathersun.com>
Reply-To: Wang Tan <soomla6384@yahoo.com>
Subject: NEW URGENT INQUIRY 2020
Attachment: NEW INQUIRY MAY-2020_pdf.rar (contains "NEW INQUIRY MAY-2020_pdf.exe")
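
The header fields in the report above are enough for a first-pass triage of a message like this one. The Python below is an added example (not part of the MalwareBazaar entry and not an abuse.ch tool) that encodes the usual malspam tells visible in this report: a Reply-To domain that differs from the From domain and points at free webmail, a HELO name that is just the sending IP with dots replaced by dashes, an urgency keyword in the subject, and an archive attachment whose name ends in a document word ("_pdf.rar") to disguise the executable inside. The record is transcribed from the comment above rather than parsed from a raw .eml, and the rule set, free-mail list and extension lists are this example's own assumptions.

```python
"""Triage of the GuLoader malspam headers reported above.

Added example; not code from MalwareBazaar or abuse.ch. The message
record is transcribed from the report, the rules are assumptions.
"""
import re
from email.utils import parseaddr

# Constructed record: the header fields listed in the report above.
SAMPLE = {
    "helo": "45-138-132-30.derakhshanrah.com",
    "sending_ip": "45.138.132.30",
    "from": "Wang Tan <sales@gathersun.com>",
    "reply_to": "Wang Tan <soomla6384@yahoo.com>",
    "subject": "NEW URGENT INQUIRY 2020",
    "attachments": ["NEW INQUIRY MAY-2020_pdf.rar"],
}

# Assumed lists; extend them to taste in a real filter.
FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com", "outlook.com"}
ARCHIVE_EXT = {"rar", "zip", "7z", "iso", "img"}
DOC_WORDS = {"pdf", "doc", "docx", "xls", "xlsx"}


def domain_of(header_value: str) -> str:
    """Bare, lower-cased domain of an RFC 5322 address header value."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def helo_encodes_ip(helo: str, ip: str) -> bool:
    """True when the HELO name is the sending IP with dots turned into
    dashes, the generic reverse-DNS style of rented VPS ranges."""
    return helo.lower().startswith(ip.replace(".", "-") + ".")


def deceptive_attachment(name: str) -> bool:
    """Archive whose base name ends in a document word, e.g. '_pdf.rar'."""
    pattern = (
        r"(?i).*[_.\- ](" + "|".join(DOC_WORDS) + r")\.("
        + "|".join(ARCHIVE_EXT) + r")"
    )
    return re.fullmatch(pattern, name) is not None


def triage(msg: dict) -> list:
    """Return the malspam indicators present in the message record."""
    hits = []
    from_dom = domain_of(msg["from"])
    reply_dom = domain_of(msg["reply_to"]) if msg.get("reply_to") else from_dom
    if reply_dom != from_dom:
        hits.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if reply_dom in FREEMAIL:
        hits.append(f"Reply-To uses free webmail ({reply_dom})")
    if helo_encodes_ip(msg["helo"], msg["sending_ip"]):
        hits.append("HELO is a generic IP-derived hostname")
    if re.search(r"\bURGENT\b", msg["subject"], re.I):
        hits.append("urgency keyword in subject")
    for att in msg["attachments"]:
        if deceptive_attachment(att):
            hits.append(f"archive attachment posing as a document: {att}")
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("-", hit)
```

Run as a script it prints the five indicators that apply to this message. In a mail pipeline you would build the record from the parsed headers of a quarantined message and treat two or more hits as reason to detonate the attachment in a sandbox before release; none of these checks on its own is proof of malice, which is also why the attachment name is tested with a full match rather than a loose substring search.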

Intelligence

File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 16:37:02 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
This sample: GuLoader, rar 79f4f8fbb3fff6f470ee277e8037b63927ed40ec98bbe7148f8644d5e3f12842
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
