MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1b8d9b4302e762f4f4fa6bbf0a10ddd3ae40a80b7fcc8e9947f624c0d4c04ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: a1b8d9b4302e762f4f4fa6bbf0a10ddd3ae40a80b7fcc8e9947f624c0d4c04ff
SHA3-384 hash: 6d4d82d7b4b9c17d9232e190c1259cd8317bed12d8fd86d0ab52440efc4a7ac7f4c073e948e46a6bc698a0a99935687b
SHA1 hash: 80d999af8a724d847ab0a346631dc9c95ebc070c
MD5 hash: 269b88f889fb0c22a480f9a6c0c1316d
humanhash: diet-nineteen-emma-magazine
File name: scan docs47346.zip
Signature: GuLoader
File size: 30'166 bytes
First seen: 2020-05-26 07:34:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:uItWybYwwXN71jUj+DJIH0nr/7ITZek1MELx:u6vbeNx3NIkc4k11
TLSH: 98D2F16CB14B98AB7F205B6EEF1060FFF51767C9394AA5057D4AC38723089B7DA00831
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: smtp105.iad3a.emailsrvr.com
Sending IP: 173.203.187.105
From: engg2@ascjsr.com <engg2@ascjsr.com>
Subject: RE: PROFORMA INVOICE
Attachment: scan docs47346.zip (contains "scan docs47346.bat")

GuLoader payload URL:
https://srv-file10.gofile.io/download/C0JZcP/chimez1@mosaiclayouts%20Origin%20server_GEdDNVl156.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-05-26 07:36:25 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip a1b8d9b4302e762f4f4fa6bbf0a10ddd3ae40a80b7fcc8e9947f624c0d4c04ff (this sample)
Dropping GuLoader
Delivery method: Distributed via e-mail attachment

Comments