MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b4e5eabe58354c1c41f488f410256f3129315168fdcdad24c89c1681be38aaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 7b4e5eabe58354c1c41f488f410256f3129315168fdcdad24c89c1681be38aaa
SHA3-384 hash: ac9c11a9dbb648ece9c14563cffbd0028a3fadeb2372fea21d927c61b385b4e75147eb00f96db4e62940aa8e14f41502
SHA1 hash: 5cfb476462b67591fbce6200769eba721784f190
MD5 hash: 56dd3f828df50138f8b82a30fa091ef0
humanhash: diet-wyoming-tango-purple
File name: Quotation.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-10 06:48:38 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:hZdJGMjJvbviBrprxA7YhYM0JyddfrDN+bCJdNJZpor0OO02f+Vii0XmpWMT6VW0:hZXG0+LYM0CHbNJZKOAVth0
TLSH: 51457D5B6D089953E061C7B0293292A17729BC2D5901AF5B3F9C7F1CEB326827DD331A
Reporter: abuse_ch
Tags: GuLoader, HostGator, img


abuse_ch
Malspam distributing GuLoader:

HELO: gateway24.websitewelcome.com
Sending IP: 192.185.51.36
From: Roma Mehta <info@transvrs.com>
Subject: QUOTATION REQUIRED FOR RFQ NUMBER
Attachment: Quotation.img (contains "Quotation.exe")

GuLoader payload URL:
http://5.206.227.139/oshoo_iFUpLr252.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 06:50:12 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Campaign: Malspam
Malware family: GuLoader
Sample: img 7b4e5eabe58354c1c41f488f410256f3129315168fdcdad24c89c1681be38aaa (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments