MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2ac2ba3488bf9e0d888ddbb96c5764920e5731976b6db20f92218acfee8b77c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

SHA256 hash: a2ac2ba3488bf9e0d888ddbb96c5764920e5731976b6db20f92218acfee8b77c
SHA3-384 hash: ac7cf1a19a1e96c028d7c29524867f052cc45b1a9850f64893cbeb0dd8f9052f87d6bde57de40fee56efab033762ee0b
SHA1 hash: faf3cd996e3a892f3353bd596ea1d547b7374b3b
MD5 hash: 331adbbabba218fb026df0bd66bdcd63
humanhash: helium-harry-mountain-potato
File name: Urgent Quotation for an offshore project June 2020 RefHLM39299.gz
Signature: GuLoader
File size: 18'526 bytes
First seen: 2020-05-27 17:38:10 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 384:cg5nfXKEzYEJrIMFf0ExvCN00UWcFeCFQo5fEU2j/6qSJJ:vfXFzJrNFf08vGuFVfIm
TLSH: 9C82D16DF8C6A570372BD3BD46185C3D3F03FD65382509E449920972918769F0D6EACE
Reporter: abuse_ch
Tags: geo GuLoader gz ROU


abuse_ch
Malspam distributing GuLoader:

HELO: clean309.mxserver.ro
Sending IP: 92.114.95.64
From: Albert González <agonzalez@circutor.com>
Subject: Cita urgente para un proyecto offshore Junio 2020 Ref # HLM39299
Attachment: Urgent Quotation for an offshore project June 2020 RefHLM39299.gz (contains "gunzipped")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1-0tIvfR8LCrvP4djjjnTfDN2ysbRmQSF

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-05-28 03:58:03 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz a2ac2ba3488bf9e0d888ddbb96c5764920e5731976b6db20f92218acfee8b77c (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
