MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 916a0e7daea85a6fb2b93f82487543d5076ba2d6749af0f6f8f24cd754fe29a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: 916a0e7daea85a6fb2b93f82487543d5076ba2d6749af0f6f8f24cd754fe29a6
SHA3-384 hash: 51ab38fcfc6eb7e0fac1cab951aa96c65f6d62f5088f85a83c85f76f2b6f82b4d84e3621d11012114afa27afdb259f73
SHA1 hash: 7d7b55ba8c565b3934b5ddeb3c359dbb4c8d105f
MD5 hash: ce9a493b4c620e2b993ef1c16bd22e3a
humanhash: robin-butter-virginia-purple
File name: PRODUCT LIST NEW.gz
Signature: GuLoader
File size: 50'199 bytes
First seen: 2020-05-28 13:16:18 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 1536:omDQIkDYK7oKrK6y8X/A0BaoU0pDDRXF9QqQJRYjC:oWkEKcKrty8vJaK1D9FzQIjC
TLSH: 6D33025AFCCC7D660BCAB2F12D13D3548EC3F6189FBA58CBA5BB38A814411C056560E9
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: diamondhillplywood.pw
Sending IP: 173.82.245.217
From: info@diamondhillplywood.pw <info@diamondhillplywood.pw>
Subject: list of products
Attachment: PRODUCT LIST NEW.gz (contains "PRODUCT LIST NEW.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1q6ngS6rXSJ7lL_ryWYhZKKSWN7QVP3Zy

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-05-28 13:38:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz 916a0e7daea85a6fb2b93f82487543d5076ba2d6749af0f6f8f24cd754fe29a6 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment

Comments