MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 887e0a23b04f89437cf964d5847af1980cd2dfb8211faa41e6f266a6f4cc1507. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 887e0a23b04f89437cf964d5847af1980cd2dfb8211faa41e6f266a6f4cc1507
SHA3-384 hash: df36e9086c697da5c3d0e4d48c588d4a3b05990d690f19d92dc1c4f4dfa42934256b8920f36ff30bc54e6f853e66cd54
SHA1 hash: f5d74f512338255e59a629484f10b4ed183ca268
MD5 hash: 8c8656f9e2a39452329c453d1492d31c
humanhash: vegan-oklahoma-juliet-zebra
File name: RFQ-OM-3994 - Closing Date 15.06.2020 -MEPF-PO-2020-060.z
Signature: GuLoader
File size: 35'420 bytes
First seen: 2020-06-02 11:15:43 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:bwPD0wlDGzCCdUzZzFCJlITohRk1tRd+XbMamllnOiirFNBK+2FDct31j:bwPD7eLKFNo3k1tn4MamllOPlK9DW
TLSH: 74F2F25053BB2969F7496FA3365D00D7F7A33C994342554EE843E1C2EE1D2C13B2CA54
Reporter: abuse_ch
Tags: GuLoader, z


abuse_ch
Malspam distributing GuLoader:

HELO: medpex.com
Sending IP: 210.244.73.74
From: Elizabeth Kelleher <purchase.department89@gmail.com>
Subject: Purchase Inquiry - DYNAMIC SOURCING
Attachment: RFQ-OM-3994 - Closing Date 15.06.2020 - MEPF-PO-2020-060.z (contains "RFQ-OM-3994 - Closing Date 15.06.2020 - MEPF-PO-2020-060.scr")

GuLoader payload URL:
http://www.stylam.cc/file/binfle_brHFWEl85.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-03 04:02:25 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Source: Malspam
Sample: z 887e0a23b04f89437cf964d5847af1980cd2dfb8211faa41e6f266a6f4cc1507 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
