MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6
SHA3-384 hash: dd445b53323cb5636a5965ab780c245de89d762d4a8af909640998d88495412db66e106cebc0be83952cc731fa4b3667
SHA1 hash: 27ecb2a1ee56e90051f93e7f82c85eabb706e74f
MD5 hash: 27104a9838195af723b3041c64c444f6
humanhash: seventeen-green-pennsylvania-echo
File name: JIANGSU.rar
Signature GuLoader
File size: 18,763 bytes
First seen: 2020-06-03 13:08:08 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:hPArs5oIN0mdtvAKisjAMwRWDb/joAoYGWFkdNv3720zgqgfSYP0e428mzF:KI57Nv3vcsjhwEDb7oZWqdNv3720ufH/
TLSH: FB82E13D47A948DCF9E8B334DEE157147C834285B6265D0AA2BCBF0D21D721A4AD785C
Reporter: abuse_ch
Tags: GuLoader, rar


abuse_ch
Malspam distributing GuLoader:

HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: MINGQI ZHAN <mingqi@yuntong-batt.co>
Subject: RE: PO# 0440086 - KUAN
Attachment: JIANGSU.rar (contains "JIANGSU.exe")

GuLoader payload URL:
http://111.90.148.217/maz_nWESMEvbsC95.bin
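
The entry above gives a complete set of indicators for one malspam wave: the sender IP and HELO name, the From address, the attachment name and hashes, and the second-stage payload URL. The following script is an added example, not code from MalwareBazaar or abuse.ch: it loads those IOCs, runs them over a handful of constructed mail-gateway, proxy and scanner log lines (the log formats are invented for the demo; the IOC values are taken from the entry), and defangs the network IOCs for sharing.

```python
"""Match the IOCs from this MalwareBazaar entry against log lines.

Added example, not part of the MalwareBazaar page or abuse.ch tooling.
The log line formats below are constructed for the demo; only the IOC
values come from the entry. Adapt the regexes to your own log sources.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Network and e-mail IOCs as reported by abuse_ch in the entry above.
IOCS = {
    "sending_ip": "111.90.141.203",
    "helo": "yuntong-batt.co",
    "sender": "mingqi@yuntong-batt.co",
    "attachment": "jiangsu.rar",
    "payload_url": "http://111.90.148.217/maz_nWESMEvbsC95.bin",
}
# The payload host is matched on its own as well: the same server may serve
# further GuLoader payloads under other file names.
IOCS["payload_host"] = urlparse(IOCS["payload_url"]).hostname

# Sample hashes (SHA256, SHA1, MD5) from the entry, for hashes emitted by other tools.
SAMPLE_HASHES = {
    "a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6",
    "27ecb2a1ee56e90051f93e7f82c85eabb706e74f",
    "27104a9838195af723b3041c64c444f6",
}

_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_URL_RE = re.compile(r"https?://[^\s\"'<>]+")
_EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
_HEX_RE = re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b")
_TOKEN_SPLIT = re.compile(r"[\s\[\]()<>,;=]+")


@dataclass
class Hit:
    line: str
    indicators: list = field(default_factory=list)  # (ioc_name, matched_value)


def scan_line(line: str) -> Hit:
    """Return the IOC names matched by one log line (empty list if clean)."""
    hit = Hit(line)
    lowered = line.lower()
    for ip in _IP_RE.findall(line):
        if ip == IOCS["sending_ip"]:
            hit.indicators.append(("sending_ip", ip))
        if ip == IOCS["payload_host"]:
            hit.indicators.append(("payload_host", ip))
    for url in _URL_RE.findall(line):
        if url.rstrip(".,;") == IOCS["payload_url"]:
            hit.indicators.append(("payload_url", url))
    for addr in _EMAIL_RE.findall(lowered):
        if addr == IOCS["sender"]:
            hit.indicators.append(("sender", addr))
    for token in _TOKEN_SPLIT.split(lowered):
        if token == IOCS["helo"]:
            hit.indicators.append(("helo", token))
        # Compare the basename so quarantine paths still match the attachment name.
        if token.rsplit("/", 1)[-1] == IOCS["attachment"]:
            hit.indicators.append(("attachment", token.rsplit("/", 1)[-1]))
    for digest in _HEX_RE.findall(lowered):
        if digest in SAMPLE_HASHES:
            hit.indicators.append(("sample_hash", digest))
    return hit


def scan_logs(lines):
    """Only the lines that matched at least one IOC."""
    return [hit for hit in map(scan_line, lines) if hit.indicators]


def matched_names(lines):
    """Set of IOC names seen anywhere in the lines, for a quick triage verdict."""
    return {name for hit in scan_logs(lines) for name, _ in hit.indicators}


def defang(value: str) -> str:
    """Render a URL or address so it cannot be clicked or auto-resolved when shared."""
    if "://" in value:
        u = urlparse(value)
        return f"{u.scheme.replace('http', 'hxxp')}://{u.hostname.replace('.', '[.]')}{u.path}"
    return value.replace(".", "[.]").replace("@", "[@]")


# Constructed log lines (Postfix-, Squid- and scanner-like); not real logs.
SAMPLE_LOGS = [
    "Jun  3 13:01:02 mx1 postfix/smtpd[4711]: connect from unknown[111.90.141.203]",
    "Jun  3 13:01:03 mx1 postfix/smtpd[4711]: HELO yuntong-batt.co from unknown[111.90.141.203]",
    "Jun  3 13:01:05 mx1 postfix/cleanup[4712]: 8A1F2: from=<MINGQI@yuntong-batt.co> attachment=JIANGSU.rar",
    "Jun  3 13:09:44 mx1 postfix/smtpd[4720]: connect from mail.example.org[203.0.113.5]",
    "Jun  3 13:20:11 proxy1 squid: 10.0.0.24 TCP_MISS/200 18900 GET http://111.90.148.217/maz_nWESMEvbsC95.bin",
    "Jun  3 13:21:00 proxy1 squid: 10.0.0.31 TCP_HIT/200 512 GET http://www.example.org/index.html",
    "Jun  3 13:25:00 av1 scanner: detected sha256=a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6 in /var/mail/quarantine/JIANGSU.rar",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(", ".join(f"{n}={defang(v)}" for n, v in hit.indicators), "<-", hit.line)
```

The hash set only ever matches this exact archive; GuLoader samples are repacked per campaign, so the sender infrastructure and payload host are the indicators most likely to catch sibling samples, and they are also the ones that decay fastest once the operator moves servers.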

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 13:37:51 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    rar a1dde9b2c42ccac6d2ee9b6dded0d5470eb0b4c1471d7a45e141e604087fdad6 (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment
