MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f47b20b73eeab43e68224043505270b6c4348012ae5ea7f53ac184d753f4f36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8f47b20b73eeab43e68224043505270b6c4348012ae5ea7f53ac184d753f4f36
SHA3-384 hash: 143a8e818960a69b8093ac732f58e96639e72e5e27280e87c87fd8b9f35d453a0f88f1b08afa6a369924b439b873d101
SHA1 hash: 4cfddd86315acf5d6517f9ecabb083e0c2485667
MD5 hash: 32d87dd65a4cdab0d1774ba0f4a4c52c
humanhash: alpha-hamper-eighteen-network
File name: Outstanding Payment may 2020.zip
Signature: GuLoader
File size: 34'092 bytes
First seen: 2020-06-10 12:34:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:AZS+0bjslHI4xasq87BBuKhHnDIRYjR6lAe16AXr:AZS+0slIOa07BTHDU6/AXr
TLSH: 3CE2F13F4FA61C662E1734B1E3E482A1608133068EC47A85616F769CABD7759A0F4FD3
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

From: "Quynh Anh (Ms.)" <prasong@carryboy.com>
Subject: (122614) - update payment date
Attachment: Outstanding Payment may 2020.zip (contains "Outstanding Payment may 2020.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1--kDrv0mEPn0xNss2qHQVstzFVFrLK4N

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Mbt
Status: Malicious
First seen: 2020-06-10 12:36:07 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8f47b20b73eeab43e68224043505270b6c4348012ae5ea7f53ac184d753f4f36 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
