MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98b52631c4763ac51ec417c1893f56046a68b131f0c1a66f7cec684b64dcdaf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98b52631c4763ac51ec417c1893f56046a68b131f0c1a66f7cec684b64dcdaf3
SHA3-384 hash: 561cfb0cde30d8966a2938409790ead85f72f266af3cdc664fbf9342ff6bf7d32f30944e285956b55fdb8a25c54e4cc4
SHA1 hash: d7aaa876a3cec3c82f2789e676dc48831ef1b2fd
MD5 hash: 66467e4199fd277939c539f7ba6d1500
humanhash: lemon-uranus-lion-carpet
File name:IF01200008459518.zip
Download: download sample
Signature GuLoader
Create hunting rule
File size:34'723 bytes
First seen:2020-05-26 09:07:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:uvYEm6SdD4C5qCgWTfey3VsoTP+uSZKrpJxGtENBNiCqF5fLM+:ulmv0CbfeWsg+/ZqTGtEzM2+
TLSH 2CF2F18E75F1E3CBA69B84DF3D086296AC545ACCF903B114A861FB1488637381E6579C
Reporter abuse_ch
Tags:GuLoader zip


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail0.516.drienimeoni.casa
Sending IP: 159.65.146.65
From: Roger P. Levy <P.Roger@516.drienimeoni.casa>
Subject: Re: Payment Advise IF01200008459518
Attachment: IF01200008459518.zip (contains "IF01200008459518.exe")

GuLoader paylod URL:
https://onedrive.live.com/download?cid=6605275726C6094A&resid=6605275726C6094A%21131&authkey=AD30p2_I98BMXso

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:07 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 98b52631c4763ac51ec417c1893f56046a68b131f0c1a66f7cec684b64dcdaf3

(this sample)

GuLoader

Executable exe 8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6

  
URLhaus
https://urlhaus.abuse.ch/url/368729/
  
Dropping
MD5 6ef7c13f0e90447d53460a04575548f0
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e0a0197eadbdfea56a208c154e22edbd19dd23e429a75a93d5cd05560ce7ff6

Comments