MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96cff7d6546b7b32a7dd77f6f41d9d5276c5a1cf5190985ad6307403667476dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3
SHA256 hash: 96cff7d6546b7b32a7dd77f6f41d9d5276c5a1cf5190985ad6307403667476dc
SHA3-384 hash: 308738918cfb824a7042cd7c57c25df79524c5cd3a4c14a541f3d70887d39a162d7b3f2161be8cd767f5a0b74afe78bc
SHA1 hash: 638cd5d89b088475da1724bac55ded427f9c3347
MD5 hash: a91d07a5510a49ea0a07655a4a701e03
humanhash: autumn-texas-thirteen-cold
File name: TT Water Sdn Bhd.zip
Signature: GuLoader
File size: 73'635 bytes
First seen: 2020-06-03 13:32:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:Bd62eTqmrP74a/rmhga+f8U46vUJrnRWK6Ghvi1EXLZKJdJ:Hlmbl66a+UBlvvcg1mJ
TLSH: 977302B0D152BA497B97AB600FBE20000E573BD07E2756A4A63B9986D95F43F35C3339
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: server.huttprimax.partners
Sending IP: 162.241.215.47
From: altan@tenagatiub.com.my
Reply-To: altan.tenagatiub@email.com
Subject: TT Water Sdn Bhd // Inquiry For Quotation //
Attachment: TT Water Sdn Bhd.zip (contains "TT Water Sdn Bhd.exe")

GuLoader payload URL:
https://copiadoras-delcentro.com/a1/bin_iPotw156.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2020-06-03 09:14:48 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 96cff7d6546b7b32a7dd77f6f41d9d5276c5a1cf5190985ad6307403667476dc (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments