MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91b9ccd97449ddfad38bcf679951e26a89ab5872c09c99635d99257f0e7601f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: 91b9ccd97449ddfad38bcf679951e26a89ab5872c09c99635d99257f0e7601f4
SHA3-384 hash: ee479a1d743862705cf2e53a2b3aac82b20ee78d21d08a4d73e799e476db6d37ba1fc96070e127a5fbec09dd237b4908
SHA1 hash: e52b365c1a756066b2d45bf9f0dc498b25a1af3a
MD5 hash: 2c1412d5634ad13446045d06357d4ee4
humanhash: coffee-pizza-pennsylvania-beer
File name: attachments.zip
Signature: GuLoader
File size: 31'302 bytes
First seen: 2020-05-27 17:29:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:bOOFkMLi5SqpxbnhZbGcROSIYKS2QdTljRmV:bOXMoS8xbhZbG4OSVpjRmV
TLSH: D1E2F1FB80B34DBB21481FAE3F21955B13C7A5CD50B09A25FFD233A71A70007997A906
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: victim-domain
Sending IP: 193.142.58.27
From: victim-email
Reply-To: appoint <wiz2018@bk.ru>
Subject: Fw: Latest Company Memo / Circular
Attachment: attachments.zip (contains "Memo _ Circular.com")

GuLoader payload URL:
http://windcomtechnologies.com/wizzymax@pakcountrysecurity_wUPewkknfV91.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:37:01 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> zip 91b9ccd97449ddfad38bcf679951e26a89ab5872c09c99635d99257f0e7601f4 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
