MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93f178cc71a3fb1b8a39532627791060960b85b9b00763f98dd06218f65d72d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 93f178cc71a3fb1b8a39532627791060960b85b9b00763f98dd06218f65d72d6
SHA3-384 hash: 16bbc37cc812d95dc634fb7a5a60509c707e2a65296c4b2d991da82da8b0776612497b4bdd56bae02390e13e0573c039
SHA1 hash: a2f5f5a9802d11b14bb0f2ee29a5ab765fe12f05
MD5 hash: 59f594ea05d60ac1f948584779f674a6
humanhash: two-uranus-mirror-cola
File name: Purchase Order.zip
Signature: GuLoader
File size: 41'149 bytes
First seen: 2020-06-09 06:41:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:OxgJyGUQyFT0wQLsGeBJD1CZ815jmlk6f2sv2GRQfboxYN4JqZyIW:OuQ6yF0LsGqJD1jTjakFw2GUioZ4
TLSH: D003F1AD55EE0728F1F5296466375AD0A4E378EAB8525F30D4F3941F8A8F293053CB38
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: server.vimsmail.com
Sending IP: 198.57.186.8
From: Angela <angela@texwelldone.com>
Reply-To: angela@texwelldone.com
Subject: Fwd: REQUEST FOR QUOTATION
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1bG8yc_o-AM-F8_LsZPB79N1mq3YilFxt

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-09 06:43:07 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 93f178cc71a3fb1b8a39532627791060960b85b9b00763f98dd06218f65d72d6 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
