MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac49123010993777b825b5f575249be35d31bb19c00479495be7d2e85f3f92bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: ac49123010993777b825b5f575249be35d31bb19c00479495be7d2e85f3f92bf
SHA3-384 hash: e611d8029eed68d8a6cb56ff537d295fc3e084ae6aa7f5c8761ff1a720af57973e6a216e706e4549a1f957f3fa2afad1
SHA1 hash: 547d3e06009388c6f642441fe49bf817c1edd797
MD5 hash: 5163d732b7e478c69fab77564bfa1064
humanhash: autumn-white-edward-snake
File name: 1,250EUROS.z
Signature: GuLoader
File size: 994'770 bytes
First seen: 2020-05-12 16:04:32 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:LbUGmxBwh3lMKvMce6VuyeUMbLAj7r1wn/3Nc:LbUGO2h3yKvrVvHMbEjsNc
TLSH: 55252343E33048E183CEE1F42B9477D1E2DAF47A1A424ED960FBA5C9E6D20EC562D1D9
Reporter: abuse_ch
Tags: DHL GuLoader Yahoo z


abuse_ch
Malspam distributing GuLoader:

HELO: sonic302-29.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.135.228
From: Dhl Express <jand_jays@yahoo.com>
Subject: Re: €1,200 Western union transfer receipt
Attachment: 1,250EUROS.z (contains "1,250EUROS.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-05-12 21:14:54 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 15 of 48 (31.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, file type z, SHA256 ac49123010993777b825b5f575249be35d31bb19c00479495be7d2e85f3f92bf (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment