MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e161bfd83d04e546daaa67265a484923cbc70a4d0ce34c9e4ed14ec172f653. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 96e161bfd83d04e546daaa67265a484923cbc70a4d0ce34c9e4ed14ec172f653
SHA3-384 hash: ab911666ad5ec8466dded7800cd3e7f6303c7574213028ce9b28b2f5f5b8598522106ba4a8e5f3336e9df7382dab236e
SHA1 hash: c2a459787f09423d9ffd454ac79e50f75ccd2cf0
MD5 hash: b812cf992e5086729015754e8bc870dc
humanhash: pasta-connecticut-snake-happy
File name: lab Quote 3000.pdf.gz
Download: download sample
Signature: GuLoader
File size: 24'886 bytes
First seen: 2020-05-21 10:29:41 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 768:7Wpor2ilT3LKb5+8Cwj3bYjzxEu21p2UU:74or2ilng+ALYHt21kp
TLSH: 98B2E23AC5F016723955B6FCF06BD2FA0500BDDC145396B2DC8C1A24228CD99ADC3CAA
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: protekmedical.com
Sending IP: 209.58.149.73
From: AmandaLankford@protekmedical.com
Subject: Confirm Scanned_ purchase PO.45012786018 || Singapore
Attachment: lab Quote 3000.pdf.gz (contains "lab Quote 3000#.pdf.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=19wVtxHamAS-N68Gz1qqOEuW1z9bmt72lZ
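
The reporter's note says the .gz attachment carries a file named "lab Quote 3000#.pdf.exe", and the entry above lists the file type as gz while the MIME type is reported as application/x-rar, so the name and the claimed type should not be trusted on their own. The following triage helper is an added example (not MalwareBazaar, abuse.ch or GuLoader code) that builds a constructed gzip stand-in for such an attachment (the real sample is not reproduced), computes the MD5/SHA1/SHA256 digests the entry lists, classifies the container by magic bytes instead of by extension, reads the inner file name from the gzip FNAME header field, and flags a decoy-document double extension that ends in an executable type. Sample bytes, the name `build_sample`, and the extension lists are assumptions made for the example.

```python
"""Mail-attachment triage: hashes, magic-byte container check, gzip FNAME, double-extension flag.

Added example, not code from MalwareBazaar, abuse.ch or the GuLoader sample.
"""
import gzip
import hashlib
import io
import struct
from typing import Optional

# Constructed stand-in for the reported attachment; the real sample is not embedded.
INNER_NAME = "lab Quote 3000#.pdf.exe"
INNER_BYTES = b"MZ" + b"\x00" * 62 + b"fake PE body used only for this example"

# Assumed lists: decoy document types that commonly precede an executable extension.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

# Magic bytes for the container formats this helper recognises.
MAGIC = [
    (b"\x1f\x8b", "gzip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MZ", "pe"),
]
# What each claimed extension should look like on the inside.
EXPECTED_BY_EXT = {"gz": "gzip", "rar": "rar", "zip": "zip", "7z": "7z", "exe": "pe"}


def build_sample() -> bytes:
    """Return a gzip stream whose FNAME header carries the inner file name (constructed)."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=INNER_NAME, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(INNER_BYTES)
    return buf.getvalue()


def hashes(data: bytes) -> dict:
    """The three digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def container_type(data: bytes) -> str:
    """Classify by leading bytes, not by the name the sender chose."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def gzip_member_name(data: bytes) -> Optional[str]:
    """Walk the RFC 1952 gzip header and return the FNAME field if present."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags = data[3]
    pos = 10                      # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & 0x04:              # FEXTRA: 2-byte length, then that many bytes
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flags & 0x08:          # FNAME not set
        return None
    end = data.find(b"\x00", pos)
    if end == -1:
        return None
    return data[pos:end].decode("latin-1")


def is_double_extension(name: str) -> bool:
    """True for names like 'quote.pdf.exe': a decoy document type followed by an executable type."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS


def triage(attachment_name: str, data: bytes) -> dict:
    """Combine the checks into one verdict dictionary for an attachment."""
    kind = container_type(data)
    claimed = attachment_name.lower().rsplit(".", 1)[-1]
    expected = EXPECTED_BY_EXT.get(claimed)
    inner_name = gzip_member_name(data) if kind == "gzip" else None
    inner_bytes = gzip.decompress(data) if kind == "gzip" else b""
    return {
        "hashes": hashes(data),
        "container": kind,
        "extension_mismatch": expected is not None and kind != expected,
        "inner_name": inner_name,
        "inner_double_ext": bool(inner_name and is_double_extension(inner_name)),
        "inner_is_pe": inner_bytes.startswith(b"MZ"),
    }


if __name__ == "__main__":
    for key, value in triage("lab Quote 3000.pdf.gz", build_sample()).items():
        print(f"{key}: {value}")
```

For a real attachment, read the bytes from disk in place of `build_sample()`; the gzip FNAME check is useful because the inner name is recoverable from the header without inflating untrusted data, while the `inner_is_pe` check only runs after `gzip.decompress` and should be done in an isolated environment.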

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 10:37:03 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam: GuLoader
gz: 96e161bfd83d04e546daaa67265a484923cbc70a4d0ce34c9e4ed14ec172f653 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
