MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9368bdfc16026aa21294b362135af22d0006a5b64d6b0f0333581302f1341757. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 1


Intelligence 1 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9368bdfc16026aa21294b362135af22d0006a5b64d6b0f0333581302f1341757
SHA3-384 hash: fc0b30e88741a42fc54d0bb0144f513aaaf2fc93fa9c998e72083aae4fdf387c17e8503f5cdddbd81bf0aa7cfcaae6eb
SHA1 hash: 3809013f13bdc18fad136a27d952f46dc02eb977
MD5 hash: 6d9eeef580a5451d55623f1560ba02fc
humanhash: iowa-september-enemy-zulu
File name:Penalty OrderKRA202021003314.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:24'897 bytes
First seen:2020-05-28 13:15:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:t3mt8I9Frn4p7Bh9EJ4OM8GA88nvP6mbodETtk9HOfrsXIrQrTALyjrW:5y8UFE7BhCSOfGqn36msd8kkrsXIQE
TLSH B1B2F1262A7FD164EDD2CA2924183A9778C77D8B27EDE632349702B323B4DCD69105A0
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: host130.cityonlinebd.net
Sending IP: 113.212.108.130
From: admin.itax2@kra.go.ke
Reply-To: admin.itax2@kra.go.ke
Subject: Penalty Order
Attachment: Penalty OrderKRA202021003314.zip (contains "Penalty OrderKRA202021003314.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KCdv1fyNcGJxTDTbVrAM48cj3OY1-6QE

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34122.dm0@aCKiP7fi.25308.UNOFFICIAL
Create hunting rule

Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 9368bdfc16026aa21294b362135af22d0006a5b64d6b0f0333581302f1341757

(this sample)

GuLoader

Executable exe 4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b

  
URLhaus
https://urlhaus.abuse.ch/url/371069/
  
Dropping
MD5 ea814ff25a80456d1db7cc2d9679eda1
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4bbbdca53bbe4ce27fc929968933f482e17a3161abaf8d7bc06cc06b5a5d1b7b

Comments