MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac5dcb5a907fc0eb373fdfc6eac7261328ab8fb869ef4b0fca2ac668f2fa6039. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2



SHA256 hash: ac5dcb5a907fc0eb373fdfc6eac7261328ab8fb869ef4b0fca2ac668f2fa6039
SHA3-384 hash: 87c9427f7aaa2e62cf4f5853cfb462e3973a192d8998f0b47820bae4e1148f159ca95af22b5d2794d4cb7e6d667c96f7
SHA1 hash: 4dd1275b97168de79f59dacca53085bf75227aa4
MD5 hash: 8998c4847458c3ea41a069ad4b3ce381
humanhash: one-arkansas-lamp-carbon
File name: Scan0001.pdf.z
Signature: GuLoader
File size: 54'414 bytes
First seen: 2020-05-28 13:15:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:EuknU7foq3xlTFPaHiMtz7TTQwqVfWpdWRmlW:9b3xDWRtPTsd1WHxlW
TLSH: 7433F1133323E2C19738037D25D449C58C8C7427A6045F976A2A607A8BEE3B9666F39E
Reporter: abuse_ch
Tags: GuLoader z


abuse_ch
Malspam distributing GuLoader:

HELO: box.graetfoodgroup.com
Sending IP: 142.11.195.72
From: Salil Johory <dipak@graetfoodgroup.com>
Subject: Re: Wire Transfer Confirmation 100261804
Attachment: Scan0001.pdf.z (contains "Hormephobiadesignee.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1VDDr13QB-SbZaBWx30W2Z7lMfIeRUu_3

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 10:49:45 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 11 of 31 (35.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip ac5dcb5a907fc0eb373fdfc6eac7261328ab8fb869ef4b0fca2ac668f2fa6039 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
