MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d
SHA3-384 hash: 6d4622d97f09f151143968b7ae42397cd0812a79a9cca45d2c626dfaf15db50b362b0481dea58a9bdb7556f9ef23427f
SHA1 hash: 2ba9d90b87fa6f10bfccc194e3f2d8db22ad611d
MD5 hash: 29b274d149df560788dd064537f85b42
humanhash: muppet-massachusetts-alabama-dakota
File name:Product_Order_me.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:91'988 bytes
First seen:2020-08-14 09:08:19 UTC
Last seen:2020-08-14 09:54:18 UTC
File type: zip
MIME type:application/zip
ssdeep 1536:ujGpKG7SK59vlRY79wDE+3rMZCPjtJhyNzaAEFomxILOfPULo0zsCJ5BQ6zWgL+:l5WK59vlRDEkrMZC7tJhiHmxILeoJkgK
TLSH 9A9312E0225B744CE9CE40B6B0656EC6FC2D54F4BF06F42629CABC7421162EA9E82579
Reporter abuse_ch
Tags:GuLoader Hostwinds zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: hwsrv-760908.hostwindsdns.com
Sending IP: 104.168.213.82
From: info@kamaehr.com
Reply-To: info@kamaehr.com
Subject: 5 x 40 ft Containers
Attachment: Product_Order_me.zip (contains "Me.jpg.jpg.jpg.scr")

GuLoader payload URL:
https://onedrive.live.com/download?cid=798F780A1F816F26&resid=798F780A1F816F26%21105&authkey=AEnQ1qtRetzoU9o

Intelligence

File Origin
# of uploads :
3
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Graftor.816111.1639.2177.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Variant.Strictor.248325.20742.26080.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Variant.Graftor.816111.26725.20818.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 09:10:07 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tcq3h7lfyzeascwog22mxwwecvwbuzeyxdejk3xjhb4i24srcu6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 98a1b3fd65c648090ace36b4cbdac4156c1a6498b8c8956ee938788d7251153d

(this sample)

GuLoader

Executable exe ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079

  
URLhaus
https://urlhaus.abuse.ch/url/432985/
  
Dropping
MD5 1b6b8763e2d0626c25905fc77cd21d1e
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ab58aec6825baf6f83a0c3de3553dd1b727934bcdbb05f6644122911a514f079
  
Dropping
SHA256 0de340a2a9794b550122c8fa1ec237c8d10d1b17473f93313394de1be0906d35
  
Dropping
MD5 1573f872ef0f8707af61a871f4df2e54
  
Dropping
SHA256 a465bb38250994671f200d8c66cfc0718354bc8974713ba6f9f3eb15a4acec7d
  
Dropping
MD5 8516b92ff700665a4e5360c3b464da28

Comments