MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 878127705f8419c3e06a02a7e00fd4dceadf183b917b2fc3a39d1c4e4df7955e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: 878127705f8419c3e06a02a7e00fd4dceadf183b917b2fc3a39d1c4e4df7955e
SHA3-384 hash: 0252f2b4d995dead7fb3242283ba3141ca52a5fa402faaae45e866d6bd1ec4f5d36070100324fc795dc881a44a1204df
SHA1 hash: 8b6751e9a036e8990151fb5ae39f8f9aa69370cf
MD5 hash: df73ab050b891ba2bf3abb043e25eabf
humanhash: friend-six-bacon-butter
File name: attachments.zip
Signature: GuLoader
File size: 31'249 bytes
First seen: 2020-05-27 16:41:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:RNQbxdWA5ucJpi5xgGsR6hdQ3JcPFkdk6GQVE7apAXz:RNQbxdW3pw5R6hdSdkfoEeSXz
TLSH: ABE2D15695873C2679EA7AB1F86A8D06D3005FB04CAC0308199EB98597CD9D2D8CA1E7
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: admin <wiz2018@bk.ru>
Subject: Latest Company Memo / Circular
Attachment: attachments.zip (contains "Memo _ Circular.com")

GuLoader payload URL:
http://windcomtechnologies.com/wizzymax@pakcountrysecurity_wUPewkknfV91.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 18:43:00 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip 878127705f8419c3e06a02a7e00fd4dceadf183b917b2fc3a39d1c4e4df7955e (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments