MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bf4ee401c2da4daaa3d2a4abbbb26fa069edf4dc2b6baf3ec7b4b57b505e76a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7bf4ee401c2da4daaa3d2a4abbbb26fa069edf4dc2b6baf3ec7b4b57b505e76a
SHA1 hash: a054fa83607405bae17a482282d61caf67667fba
MD5 hash: cd56a0e76f025665c9bcb8d7ab81c97d
File name: order_febuary_list.r01
Signature: GuLoader
File size: 23'889 bytes
First seen: 2020-05-22 10:00:28 UTC
Last seen: Never
File type: r01
MIME type: application/x-rar
ssdeep: 384:OjRHnT4vusS7HpifaSXOmNpHToziZdWXn+bEsBhak0iWbwdLhe5U4efcO8EMDlOu:OjRHBRHp8XRNGNC9BhakNLhe64ektElu
TLSH: F8B2E105F14BB232FF6C55C55DB57D868D71EADB3902B860FA54120FE90A92AC60CAD4
Reporter: @abuse_ch
Tags: GuLoader, r01


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: sky.brawaa.com
Sending IP: 78.46.72.211
From: Yasin KURT <sales1@goker.com.tr>
Subject: Repeat Order//Febuary invoice.
Attachment: order_febuary_list.r01 (contains "order_febuary_list.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1WlfkTpWmng1Gw8DOf9Lh78LzkMHMxO8C

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: No detection
VirusTotal results: 30.65%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
r01 7bf4ee401c2da4daaa3d2a4abbbb26fa069edf4dc2b6baf3ec7b4b57b505e76a (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments