MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 879915d887a9f439562bcfae10a7be4f07badf13a259a22bbfbf169036d194f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3


SHA256 hash: 879915d887a9f439562bcfae10a7be4f07badf13a259a22bbfbf169036d194f0
SHA3-384 hash: f33fedd1ec5d078af1995a4436e8e333a6c710f5fbc5c014606c85891f0fc9572b5d9a6cde6b657148f8a9a151cc289c
SHA1 hash: 15f0809280bdb5013844893b62b3279a7ed0ba67
MD5 hash: 65e7140e451b47075e468f4dea93a13f
humanhash: december-harry-alaska-angel
File name: INVOICE_28042020.zip
Signature: GuLoader
File size: 38'268 bytes
First seen: 2020-06-01 13:38:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:dnH7y0rn1ZATiX96Erewkudzk0o6+06qTyAtU+cHny4NuH:dbyAqa6ErexwI0o6+06qTygU7HyS6
TLSH: DC0302C80D4347D1E2A00691B3B567BBE5BA094597381876B7067BDCB205C2489FCAEC
Reporter: abuse_ch
Tags: GuLoader zip

Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: slot0.errantas.com
Sending IP: 45.95.169.152
From: sales1 <noreply@pleng.net>
Reply-To: noreply@pleng.net
Subject: RE: RE: Invoice overdue for April, 28 (lastmonth)
Attachment: INVOICE_28042020.zip (contains "INVOICE_28042020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=18D4ZtIlpq_yzuzbcPUyLslNs7BNWVKKy

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-01 14:36:06 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader

zip 879915d887a9f439562bcfae10a7be4f07badf13a259a22bbfbf169036d194f0 (this sample)
  Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments