MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f3083e1697b2ffd7c56550f89ab6b98a7de6e12925db3e53ac2bad4b73639be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: 9f3083e1697b2ffd7c56550f89ab6b98a7de6e12925db3e53ac2bad4b73639be
SHA3-384 hash: 3fb0b0f27bcc2126e2ae304b70a44264374fe5e861e4a876d19414de52b87d9915218a16820d6ab46924d2aec95f484a
SHA1 hash: cf0c8bb26bee03523311f8fb69d6c3a13a18cd97
MD5 hash: 4b0ca0010586ff35bfc8f2dcb0629036
humanhash: august-october-nineteen-mockingbird
File name: Profile order3875.zip
Signature: GuLoader
File size: 34'591 bytes
First seen: 2020-05-26 08:56:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:nEiEFaF2fw4o3SWXhXoqa5W8vnoWfiBGzIt49KB:nEkn44XSqak8YBGSz
TLSH: 0CF2F1909A4AC0B0981EB0FAA7673070BAC8935477AED45F049647C98749A14FFBF9F1
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: hal-lndia.co.in
Sending IP: 79.124.8.209
From: Novak Andrey<sales@hal-lndia.co.in>
Subject: Request For Quotation
Attachment: Profile order3875.zip (contains "RAPPESSERR.exe")

GuLoader payload URL:
https://mncarteam.com/wp-includes/osanew_iULUvTR156.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2020-05-26 09:37:10 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip 9f3083e1697b2ffd7c56550f89ab6b98a7de6e12925db3e53ac2bad4b73639be (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments