MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ffd577600d16c71f3620e606bd34728ba6ea6a3cb97322f882464d591b0c087. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: 9ffd577600d16c71f3620e606bd34728ba6ea6a3cb97322f882464d591b0c087
SHA3-384 hash: ac7332544ccb28eb527e1dabc9d14b54323b5b064b50ce55f845148cd34f91fbcfcaf4faf81f42cede10a508498afb7a
SHA1 hash: 150f62b2c09d7f14c77fbb9d1f3cd391c1027918
MD5 hash: c980e4d5ced79e95b968d11aedd80b9e
humanhash: mobile-cola-mockingbird-lithium
File name: RFQ 13970 DT_PDF.gz
Signature: GuLoader
File size: 43,924 bytes
First seen: 2020-06-04 17:21:36 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:tw91SVCsXdOyg0/toLTi+BSk6t4gj7LGVcZzvMWL5LTZOzYlqfHZwJ6uMY03oBvZ:tD47yvoLOVk6t4GwyzvFTm6qfZIvB
TLSH: 9A13021B6B8C310E8999BB3A4E974C7E7DE689F2410708D6256FF60450BD487CDCE0A9
Reporter: abuse_ch
Tags: GuLoader, gz


abuse_ch
Malspam distributing GuLoader:

HELO: server.kibriswebtasarimi.com
Sending IP: 176.9.21.149
From: kavita_d@hindustancopper.com
Subject: CLARRIFICATION RFQ 13970 DT.02 / 03/2020 DUE DT.17 / 05/2020
Attachment: RFQ 13970 DT_PDF.gz (contains "RFQ 13970 DT_PDF.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Urei4JInQ56o9z6smockmfFiiFZYlAgC

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 17:36:16 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery chain:
  Malspam
    GuLoader
      gz 9ffd577600d16c71f3620e606bd34728ba6ea6a3cb97322f882464d591b0c087 (this sample)
        Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments