MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8841216b857bcc06db75da75377860dec8c9db8a803859dc1a13a5bf8a074702. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8841216b857bcc06db75da75377860dec8c9db8a803859dc1a13a5bf8a074702
SHA3-384 hash: 3a8490bed784f6d593aa4ce2453907e8b63b0b51e7cd21561a0c06a750a3f0c1aa275d73cb06f4ad0022224f6fec0dd0
SHA1 hash: 36da22e0045c7abeba39431b2d90440ae882e793
MD5 hash: 47976c4c6428cb7cd535562d241a9207
humanhash: quiet-virginia-july-tennessee
File name: Swift Copy000056.pdf.z
Signature: GuLoader
File size: 28'253 bytes
First seen: 2020-06-02 11:01:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:Ye5819iFPW4s/dG+tJNaGXJxC2JrgwYTZjx0m4XiARkN:Ye5yiFOl/dptJwGhrAZjUXhRy
TLSH: 62C2E1BBEA274861A28AD0FD83D768674436FD89CE736C392DD684A0BF074D144D1A1F
Reporter: abuse_ch
Tags: GuLoader z


abuse_ch
Malspam distributing GuLoader:

HELO: box.tfddggder.xyz
Sending IP: 192.236.146.13
From: ''Hui En Teng'' <info@tfddggder.xyz>
Subject: Re: Payment Breakdown for Consignment 14/05/2020
Attachment: Swift Copy000056.pdf.z (contains "PROSTIT.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=11NAZslAWBWkK1b4dFviELvvgWl48QHr6

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Lokibot
Status: Malicious
First seen: 2020-06-01 22:22:06 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 8841216b857bcc06db75da75377860dec8c9db8a803859dc1a13a5bf8a074702 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments