MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 969e9bf29a3cc188c76b2f73f161f7bb0a7d83715d41ece8b525dc66617dca4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 969e9bf29a3cc188c76b2f73f161f7bb0a7d83715d41ece8b525dc66617dca4b
SHA3-384 hash: 93b82dc2c93c1cd7ce24fc8867ed453ffc019cd682af23ec99fbf8dd647fc9bc7f218bfada17694fe2f637b0ecef2699
SHA1 hash: 578c414f7c53557916355100020340f06b0fd11c
MD5 hash: cea082d1ae533a26a74f44e33c8a0a04
humanhash: missouri-connecticut-nitrogen-quiet
File name: INQUIRY.z
Signature: GuLoader
File size: 35'861 bytes
First seen: 2020-06-02 11:10:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:05Y1nEtDLzlNtePj53YfUhQJIwDuanphJChl+6Ni:05YWtDY9h8AanxeDi
TLSH: 7DF2F1AE60507E44F6DFC8A24898904B43DE5DCB41D8A03E13BE8B726FC65614C2B0FE
Reporter: abuse_ch
Tags: GuLoader, z


abuse_ch
Malspam distributing GuLoader:

HELO: ascendmolds.com
Sending IP: 79.124.8.199
From: Somchai <sales@ascendmolds.com>
Subject: Inquiry
Attachment: INQUIRY.z (contains "INQUIRY.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1nQOxwwmxJx_dxnk_MUNIb4BIEARRJ6cV

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-02 12:59:46 UTC
AV detection: 12 of 31 (38.71%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 969e9bf29a3cc188c76b2f73f161f7bb0a7d83715d41ece8b525dc66617dca4b (this sample)

  
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
