MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8260ca2272dc315e99db6054fd6cc9b1e221a1183198dee3764fcbe15689245a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8260ca2272dc315e99db6054fd6cc9b1e221a1183198dee3764fcbe15689245a
SHA3-384 hash: e727cc24f5f927a96ed6b18f351e307e82fa37c126b7702f7a4ee9cdeccfd3275934579fe4671c324a0d8503400b5a83
SHA1 hash: e9470be83ceefd359557b0e1b74295ea00bcec50
MD5 hash: 84985d8c9d13dcd0536cb1348a8b0a4f
humanhash: snake-november-video-potato
File name: INTER-PIPE PURCHASE ORDER_02062020_pdf.arj
Signature: GuLoader
File size: 35'904 bytes
First seen: 2020-06-02 11:15:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Kuv66e6x16Ywso8r3UmjQyoUugg0FNcp67DN4aosi+KjCZNJW7moGAwefgA6VPR:KuvVe6LlwaLrjQAJ1FNX7xPT/I6ReAR
TLSH: ABF2F176B3E1884DDA193232EF3E561403695C70BBE7AE56486F74127822BCF8067F48
Reporter: abuse_ch
Tags: arj, GuLoader


abuse_ch
Malspam distributing GuLoader:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: KAMAL SHIPPING CO., LTD <contact@kamalcontainers.com>
Subject: INTER-PIPE PURCHASE ORDER NUMBER 06022020
Attachment: INTER-PIPE PURCHASE ORDER_02062020_pdf.arj (contains "INTER-PIPE PURCHASE ORDER_02062020_pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1emdeFT0ppBWGwMGoh2tGfD7cpkKDTuPU

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 20:15:00 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8260ca2272dc315e99db6054fd6cc9b1e221a1183198dee3764fcbe15689245a (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
