MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db
SHA1 hash: 3159101e1ade151d1b30a4d56e38304679950afb
MD5 hash: 79717c60805b63e2ce8252b0b6e26bf7
File name: DOC22052020.img
Signature: GuLoader
File size: 147'456 bytes
First seen: 2020-05-22 10:02:59 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:qp1pd8/n28tp5VJruvkuaYQ8NLK1RAXc5jHMZcNR7vF6TM05uVCcpyVrolZHhyw2:55pfJavkT8/4jsZm65co2ZHhyF
TLSH: 0DE33B2A7A50F9A6C9204FF11D31CAD40667BD7019620B077ACE7F6D2F3394E9929393
Reporter: @abuse_ch
Tags: GuLoader, img


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: poc.creationfinancial.co.uk
Sending IP: 178.62.94.186
From: pablo <info@100gbit-ethernet.net>
Reply-To: kodak3399@protonmail.com
Subject: RE: 02-REQUEST FOR - STOCK
Attachment: DOC22052020.img (contains "DOC22052020.exe")

GuLoader payload URL:
https://noirrealtysolution.com//are/bin_bwocAPbwD126.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: Virustotal results 8.47%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
img 8a0315e216c3c8113675240c37c8bcb200747cea1361e2a164d03e86362be9db (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments