MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8597d45b19d0ef100cc0cefd557b1252badf6b1031d071c0b3463592cc902be2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3



SHA256 hash: 8597d45b19d0ef100cc0cefd557b1252badf6b1031d071c0b3463592cc902be2
SHA3-384 hash: c4e9ad8704f85d7fea17e0add75b6d27fe232f2706c3dcca7c32fd6c70017fabce1030bc811e291146480255f52bf850
SHA1 hash: 23a1e0877465386efe2bd3358e42be71ea3b9b71
MD5 hash: a8ee3ff0a8db9fdcb7d715be1cc37ec9
humanhash: papa-monkey-foxtrot-sink
File name: FA.202005.000638.DOC.img
Download: download sample
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-06-10 11:34:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:sIwGMjJvbviBAyI/OUaOg289NruLyNDOgbglUaZoCWSMT65Bl:szG0Lp2U3YO2Odl/
TLSH: 9D456C5B2D089953F12083B01D7295A5A738BD285501AF1B3E9C7F5DDF72A827CE331A
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: myuncommon.favour.com127.0.0.1
Sending IP: 2.56.8.246
From: info@gratacos.site
Subject: Pago rechazado ("Payment rejected")
Attachment: FA.202005.000638.DOC.img (contains "FA.202005.000638.DOC.exe")

GuLoader payload URL:
https://onedrive.live.com/Download?cid=3BCD34D8AC2D7789&resid=3BCD34D8AC2D7789%21435&authkey=ADMsJhgPkBTcqZs
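The entry records the attachment as an ISO 9660 image (MIME type application/x-iso9660-image), and the reporter notes that it wraps an .exe. Double-clicking such an .img on Windows mounts it as a drive, so the safe triage step is to read the image's directory without mounting it, confirm what the inner file really is, and check the bytes in hand against the hashes listed above. The script below is an added example written for this page, not code from MalwareBazaar or abuse.ch. The image it builds, the inner file name and the MZ stub payload are constructed stand-ins (the real sample is not embedded); `ENTRY_HASHES` are the values listed on this entry; the parser reads only the primary ISO 9660 namespace and the root directory, and the extension lists are illustrative.

```python
import hashlib

SECTOR = 2048
# Hashes listed on this MalwareBazaar entry for the real sample.
ENTRY_HASHES = {
    "md5": "a8ee3ff0a8db9fdcb7d715be1cc37ec9",
    "sha1": "23a1e0877465386efe2bd3358e42be71ea3b9b71",
    "sha256": "8597d45b19d0ef100cc0cefd557b1252badf6b1031d071c0b3463592cc902be2",
}
# Illustrative extension lists (assumption): executable types, and document-like
# extensions attackers place before them, as in "…DOC.exe".
EXEC_EXT = {"EXE", "SCR", "COM", "PIF", "BAT", "CMD", "JS", "JSE", "VBS", "WSF", "HTA", "LNK", "DLL"}
LURE_EXT = {"DOC", "DOCX", "PDF", "XLS", "XLSX", "TXT", "JPG", "PNG"}


def _both32(n: int) -> bytes:  # ISO 9660 stores integers little- then big-endian
    return n.to_bytes(4, "little") + n.to_bytes(4, "big")


def directory_record(ident: bytes, lba: int, size: int, flags: int) -> bytes:
    """Build one ECMA-119 directory record: 33-byte header + identifier, even-padded."""
    rec = bytearray(33)
    rec[2:10] = _both32(lba)                    # extent location (logical block)
    rec[10:18] = _both32(size)                  # data length in bytes
    rec[25] = flags                             # 0x02 = directory
    rec[28:32] = (1).to_bytes(2, "little") + (1).to_bytes(2, "big")  # volume seq. no.
    rec[32] = len(ident)
    rec += ident
    if len(rec) % 2:
        rec += b"\x00"
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_img(inner_name: bytes, payload: bytes) -> bytes:
    """Constructed stand-in for the attachment: a minimal one-file ISO 9660 volume."""
    root_lba, file_lba = 18, 19
    root_dir = (directory_record(b"\x00", root_lba, SECTOR, 0x02)   # '.'
                + directory_record(b"\x01", root_lba, SECTOR, 0x02)  # '..'
                + directory_record(inner_name, file_lba, len(payload), 0x00))
    pvd = bytearray(SECTOR)                     # primary volume descriptor, sector 16
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[156:190] = directory_record(b"\x00", root_lba, SECTOR, 0x02)
    term = bytearray(SECTOR)                    # volume descriptor set terminator, sector 17
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    img = bytearray(16 * SECTOR) + pvd + term   # 16 unused system-area sectors first
    img += root_dir + b"\x00" * (-len(root_dir) % SECTOR)
    img += payload + b"\x00" * (-len(payload) % SECTOR)
    return bytes(img)


def list_root_directory(img: bytes) -> list:
    """Walk the root directory of an ISO 9660 image (primary namespace only)."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image: no primary volume descriptor at sector 16")
    root = pvd[156:190]
    lba, size = int.from_bytes(root[2:6], "little"), int.from_bytes(root[10:14], "little")
    data = img[lba * SECTOR:lba * SECTOR + size]
    entries, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                        # zero length: rest of this sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = data[off:off + rec_len]
        ident = rec[33:33 + rec[32]]
        if ident not in (b"\x00", b"\x01"):     # skip '.' and '..'
            entries.append({
                "name": ident.decode("ascii", "replace").split(";")[0],  # drop ';1' version
                "lba": int.from_bytes(rec[2:6], "little"),
                "size": int.from_bytes(rec[10:14], "little"),
                "is_dir": bool(rec[25] & 0x02),
            })
        off += rec_len
    return entries


def triage_img(img: bytes) -> list:
    """Flag files that are executables despite a document-looking name."""
    findings = []
    for e in list_root_directory(img):
        if e["is_dir"]:
            continue
        head = img[e["lba"] * SECTOR:e["lba"] * SECTOR + 2]
        parts = e["name"].upper().split(".")
        executable = parts[-1] in EXEC_EXT
        findings.append({
            "name": e["name"], "size": e["size"],
            "is_pe": head == b"MZ",             # DOS/PE magic at the start of the extent
            "executable_ext": executable,
            "disguised": executable and len(parts) > 2 and parts[-2] in LURE_EXT,
        })
    return findings


def hash_summary(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha3_384")}


def matches_entry(data: bytes, expected: dict = ENTRY_HASHES) -> bool:
    """True only if every hash the entry lists agrees with the bytes in hand."""
    got = hash_summary(data)
    return all(got[n] == v for n, v in expected.items())


if __name__ == "__main__":
    sample = build_sample_img(b"FA.202005.000638.DOC.EXE;1", b"MZ" + b"\x00" * 510)
    for f in triage_img(sample):
        print(f)
    print("matches entry:", matches_entry(sample))
```

Run against a real attachment, `matches_entry(open(path, "rb").read())` tells you whether you actually hold the sample this entry describes before any further analysis. For production triage use a full ISO parser (7-Zip, isoinfo or pycdlib): real attachments often carry Joliet or Rock Ridge names and subdirectories that this root-only, primary-namespace walk does not read.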

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 11:36:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img 8597d45b19d0ef100cc0cefd557b1252badf6b1031d071c0b3463592cc902be2 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
