MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e
SHA3-384 hash: 07bbd8dd06252778e78854aeca79f7d0ec6b5f486e53b8716662d0b70aadd8bc8ec20c8e436c78ce5a7a583f6f413c6e
SHA1 hash: caa43cdfd1ec56602c66fbabaa0790bec1a0d41d
MD5 hash: 84ada40cf5dc6367db6d5c04f6f17ee6
humanhash: fourteen-beer-black-nine
File name: rechnung.exe
Signature: GuLoader
File size: 126'976 bytes
First seen: 2020-05-26 10:11:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f5ac698f48a45ce084344ecdb29b016d
ssdeep: 1536:saavG7nFO96nAr09M4QbXBy66kYMH32eZ6m2iOBHAMwPGtVD518MXTbI:yvG7nFO96ArQHZMX2MRsD5JT8
TLSH: 26C308337CACEE41E95C2FF10D73A95B29166C2066914F2B7A46FB1C66361D138E072D
Reporter: @abuse_ch
Tags: AZORult DEU exe geo GuLoader
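The entry above identifies the file by several hashes at once. The following is an added example (not MalwareBazaar's own code) that fingerprints a file the same way with only the Python standard library and compares the result with the values listed here. The ENTRY dict is transcribed from this page; imphash, ssdeep and TLSH are left out because they need third-party libraries (pefile, ssdeep, py-tlsh) and are not part of this example.

```python
import hashlib
import io
from typing import Dict

# Values copied from this MalwareBazaar entry for rechnung.exe.
ENTRY: Dict[str, object] = {
    "sha256": "98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e",
    "sha3_384": "07bbd8dd06252778e78854aeca79f7d0ec6b5f486e53b8716662d0b70aadd8bc8ec20c8e436c78ce5a7a583f6f413c6e",
    "sha1": "caa43cdfd1ec56602c66fbabaa0790bec1a0d41d",
    "md5": "84ada40cf5dc6367db6d5c04f6f17ee6",
    "size": 126976,
}


def fingerprint_stream(fobj, chunk: int = 1 << 20) -> Dict[str, object]:
    """Hash a binary stream incrementally so large samples are never held in memory."""
    hashers = {
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
        "sha1": hashlib.sha1(),
        "md5": hashlib.md5(),
    }
    size = 0
    while True:
        block = fobj.read(chunk)
        if not block:
            break
        size += len(block)
        for h in hashers.values():
            h.update(block)
    fp: Dict[str, object] = {name: h.hexdigest() for name, h in hashers.items()}
    fp["size"] = size
    return fp


def fingerprint(data: bytes) -> Dict[str, object]:
    """Convenience wrapper for in-memory data (e.g. an attachment already extracted)."""
    return fingerprint_stream(io.BytesIO(data))


def fingerprint_file(path: str) -> Dict[str, object]:
    """Fingerprint a file on disk; the path is whatever the analyst saved the sample as."""
    with open(path, "rb") as f:
        return fingerprint_stream(f)


def compare(fp: Dict[str, object], entry: Dict[str, object] = ENTRY) -> Dict[str, bool]:
    """Field-by-field comparison, useful for spotting a truncated download (size/hash mismatch)."""
    return {name: fp.get(name) == value for name, value in entry.items()}


def is_same_sample(fp: Dict[str, object], entry: Dict[str, object] = ENTRY) -> bool:
    """Identity is decided on SHA256 only. MD5 and SHA1 are kept for cross-referencing
    older feeds but are collision-prone, so they are not trusted for the decision."""
    return fp.get("sha256") == entry["sha256"]
```

Run `fingerprint_file("rechnung.exe")` on the downloaded sample and feed the result to `compare()`; every field should be True, and a partial download shows up as a size mismatch before you bother looking at the hashes.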


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: dd37126.kasserver.com
Sending IP: 85.13.153.207
From: bschaefer@schloss-willebadessen.de
Subject: AW: AW: Zahlungsbeleg und Auftragsbestätigung 26-05-20 Rechnung_20-613129926-001
Attachment: rechnung.zip (contains "rechnung.exe")

AZORult payload URL:
http://156.96.118.179/RSol.bin

AZORult C2:
http://infosales.duckdns.org/index.php
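The post above gives the complete delivery chain: mail indicators (HELO, sending IP, sender, subject, attachment name), the AZORult payload URL fetched by GuLoader, and the C2. Below is an added example, not part of the @abuse_ch post or of MalwareBazaar, that turns those indicators into a scanner for mail and proxy logs. The IOC values are transcribed from the post; the log lines are constructed for the example and do not come from any real system.

```python
import re
from typing import Dict, List, Tuple

# Indicators transcribed from the @abuse_ch post above.
IOCS: Dict[str, str] = {
    "helo": "dd37126.kasserver.com",
    "sending_ip": "85.13.153.207",
    "from": "bschaefer@schloss-willebadessen.de",
    "subject_fragment": "Rechnung_20-613129926-001",
    "attachment": "rechnung.zip",
    "payload_url": "http://156.96.118.179/RSol.bin",
    "c2_url": "http://infosales.duckdns.org/index.php",
    "c2_host": "infosales.duckdns.org",
}


def _pattern(value: str) -> "re.Pattern[str]":
    # Require a non-identifier character on both sides so that "85.13.153.207"
    # does not fire on "85.13.153.2071" and "infosales.duckdns.org" does not fire
    # on "x.infosales.duckdns.org.example.net". Dots and hyphens count as
    # identifier characters here because they continue hostnames and IPs.
    return re.compile(r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])", re.IGNORECASE)


PATTERNS = {name: _pattern(value) for name, value in IOCS.items()}


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, indicator_name) for every indicator seen on every line."""
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits


def flagged_lines(lines: List[str]) -> List[int]:
    """Distinct line numbers that matched at least one indicator, in order."""
    return sorted({number for number, _ in scan_lines(lines)})


# Constructed sample log (Postfix-style mail log plus a simple proxy log); the
# first four lines mirror the chain in the post, the last two are benign lines
# that a naive substring match would flag (same filename on another host, and an
# IP sharing a prefix with the sending IP).
SAMPLE_LOG = [
    "May 26 10:05:12 mx1 postfix/smtpd[4211]: connect from dd37126.kasserver.com[85.13.153.207]",
    'May 26 10:05:13 mx1 postfix/cleanup[4219]: 7F3A1: from=<bschaefer@schloss-willebadessen.de>, '
    'subject="AW: AW: Zahlungsbeleg und Auftragsbestätigung 26-05-20 Rechnung_20-613129926-001", '
    "attachment=rechnung.zip",
    "2020-05-26 10:12:40 proxy 10.0.4.17 GET http://156.96.118.179/RSol.bin 200 application/octet-stream",
    "2020-05-26 10:12:55 proxy 10.0.4.17 POST http://infosales.duckdns.org/index.php 200 text/html",
    "2020-05-26 10:14:02 proxy 10.0.4.22 GET http://cdn.example.net/RSol.bin 404",
    "May 26 10:20:01 mx1 postfix/smtpd[4301]: connect from mail.example.org[85.13.153.20]",
]

if __name__ == "__main__":
    for number, name in scan_lines(SAMPLE_LOG):
        print(f"line {number}: {name}")
```

Treat the indicators with different weight: the full payload URL and the C2 URL are specific to this campaign, while the sender address can be spoofed, a subject line is trivially changed, and both the shared-hosting HELO name and the duckdns.org dynamic-DNS domain will be reused by unrelated traffic if you loosen the match to the parent domain. A proxy hit on the payload URL from an internal host means GuLoader already ran there; the mail hits only tell you the lure was delivered.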

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 35
Origin country: US
CAPE Sandbox Detection: Azorult
Link: https://www.capesandbox.com/analysis/4992/
ClamAV: SecuriteInfo.com.Variant.Jaik.40161.21974.30191.UNOFFICIAL
CERT.PL MWDB: Gathering data
ReversingLabs Status: Malicious
Threat name: Win32.Trojan.Grp
First seen: 2020-05-26 10:36:51 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
VirusTotal: 29.17%

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam
Signature: GuLoader
Sample: Executable exe 98c39c41a62349078a4b09ae665ed9945dd207b7c02b38fa58a639089721bc5e (this sample)

Comments



CAPE Sandbox commented on 2020-05-27 10:18:02 UTC

#Azorult

https://capesandbox.com/analysis/4986/