MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 847b24e839ea4bd525d6cfc50ab0a08eea5a9647751b3d2c69be645c55e83c85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 847b24e839ea4bd525d6cfc50ab0a08eea5a9647751b3d2c69be645c55e83c85
SHA3-384 hash: 33658bb0787ae8fe985456d1d02622a72f7acd4b369f79dbf3b3f05b19738a4c9eb9c142f963ca6bca75184b25ecddb9
SHA1 hash: 4da213924a74c8db2219cf522439f4a0bbd612a3
MD5 hash: 38c59006629c460540e2992f4d17915a
humanhash: low-july-california-venus
File name: Invoice 06trsd44 for check.zip
Signature: GuLoader
File size: 30,421 bytes
First seen: 2020-05-26 07:29:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:m6h3uFLBAT98IXqeBBdlGquhDJJKRnPaU3CLXU:Vhe/gWIXhiXJk3mk
TLSH: 69D2E11D22892EE51FC3DEF14D9C140559004E6E73EA4BD9419B38210BE2DE9BB873AF
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: hunanpipe.com
Sending IP: 156.96.59.92
From: sherly<sherly23@hunanpipe.com>
Subject: Incorrect Invoice For Amendment Asap!
Attachment: Invoice 06trsd44 for check.zip (contains "Invoice 06trsd44 for check.exe")

GuLoader payload URL:
http://hosseinsoltani.ir/wp-includes/fonts/gozman_fOgNPZ59.bin
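
The two things an analyst reproduces first for an entry like this are the hash set the database lists and the "invoice" zip that turns out to carry an .exe. The Python below is an added example, not MalwareBazaar's or abuse.ch's code: hash_bytes() computes the SHA256, SHA1, MD5 and SHA3-384 values for any attachment bytes, and triage_attachment() additionally enumerates a zip's members and flags executables. The archive it builds is a constructed stand-in that reuses only the lure filename from the page, not the real sample, and the executable-extension list is an assumption. ssdeep, TLSH and humanhash need third-party packages and are left out.

```python
"""Triage helper for an e-mail attachment like the one in this entry.

Added example (not MalwareBazaar's own code). Reproduces the SHA256, SHA1,
MD5 and SHA3-384 hashes the database lists and, for a zip attachment, lists
the members and flags executables hiding behind an "Invoice ..." lure.
"""
import hashlib
import io
import zipfile
from dataclasses import dataclass, field

# Extensions an "invoice" archive should never contain. Assumed list, chosen
# to cover common malspam droppers; extend as needed.
EXECUTABLE_EXTENSIONS = (
    ".exe", ".scr", ".pif", ".com", ".cpl",
    ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".jar", ".lnk",
)


@dataclass
class SampleReport:
    size: int
    hashes: dict
    is_zip: bool
    members: list = field(default_factory=list)
    executable_members: list = field(default_factory=list)


def hash_bytes(data: bytes) -> dict:
    """Return the four hash types MalwareBazaar shows, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def triage_attachment(data: bytes) -> SampleReport:
    """Hash an attachment and, if it is a zip, look inside for executables."""
    report = SampleReport(size=len(data), hashes=hash_bytes(data), is_zip=False)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    report.is_zip = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            report.members.append(info.filename)
            # Match on the final extension only, so "check.exe" and
            # double-extension lures such as "invoice.pdf.exe" both trip it.
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                report.executable_members.append(info.filename)
    return report


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the attachment (NOT the real sample).

    A zip whose only member carries the lure name from the page, with a
    harmless placeholder body instead of real PE content.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice 06trsd44 for check.exe", b"placeholder, not a PE file")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_attachment(build_constructed_sample())
    for name, value in report.hashes.items():
        print(f"{name}: {value}")
    print(f"zip: {report.is_zip}, members: {report.members}")
    if report.executable_members:
        print(f"executable inside archive: {report.executable_members}")
```

To run it against the real sample, replace build_constructed_sample() with the bytes of the file downloaded from MalwareBazaar; the four hashes should then match the values in the entry above. Two caveats: the hashes are of the zip container, not of the embedded .exe, so hash the extracted member separately if you want the IOC for the dropper itself; and the extension check is a triage heuristic, not a verdict, since a member can be renamed to anything and still be launched by a script or an LNK.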

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 21:28:10 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 847b24e839ea4bd525d6cfc50ab0a08eea5a9647751b3d2c69be645c55e83c85 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
