MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ad72888a4c44a2f79977b3fc4e68bdc519c414ce7aae7ef438432a40e67c168. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8ad72888a4c44a2f79977b3fc4e68bdc519c414ce7aae7ef438432a40e67c168
SHA3-384 hash: 2e20df59f4db247272961d479a0585ec6dba750a271c30014d1ff9e2e0795ac36c0947db57feb0ce3a6ee9c5b90a62c9
SHA1 hash: 9440a12f5bdf3acbc53a6fb5c3e842f4fc94282b
MD5 hash: fdf5b97b23b62e9b8f65b49f98000104
humanhash: wisconsin-three-maryland-monkey
File name: New Order.zip
Signature: GuLoader
File size: 30'652 bytes
First seen: 2020-05-11 05:16:22 UTC
Last seen: 2020-05-11 06:52:35 UTC
File type: zip
MIME type: application/zip
ssdeep: 768:VXT7kLL4CctAAFpaEIEyLYeuzTPJpsRM4y0wBSKAzH91IeO4uTnd2y:VTiApoNEvAo7Qdye74nP
TLSH: DAD2E0F76F17F21EC5963E6316155AAB3426F62537827D0988089B60AF9E0E1FA103C0
Reporter: cocaman
Tags: GuLoader, zip


cocaman
Malicious email
From: Aishath Luha <contato@arsgroup.com.br>
Received: from kalbesourcing.com (unknown [134.209.198.250])
Date: 11 May 2020 01:02:24 +0000
Subject: Re:Re: New Inquiry
Attachment: New Order.zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-11 01:42:06 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8ad72888a4c44a2f79977b3fc4e68bdc519c414ce7aae7ef438432a40e67c168 (this sample)

Delivery method: Distributed via e-mail attachment
