MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0feedef4e0d7c6137e673f6fe83386d2bd91bbabd3eb777c5fc0740636876f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: b0feedef4e0d7c6137e673f6fe83386d2bd91bbabd3eb777c5fc0740636876f1
SHA3-384 hash: f88034dd15dfc404e60241c7e140f55f886909d0553279893ee2da6623c754a112477bb38dfd2bb0a612088712b48a72
SHA1 hash: e7b5d28079e745d711ba3298af3904330797e519
MD5 hash: 8477748fc4d719d5ddae0235a79269d5
humanhash: batman-london-bacon-west
File name: Order n °. 1702.rar
Signature: GuLoader
File size: 27'655 bytes
First seen: 2020-05-26 08:59:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:wWZ8ULVQSEMG9xqD7BHpb8ISbJCOqzZ2qG5A/LKawHxyjGt9f4KJWOB32d1AeZ0j:wWWeV6qJ5E8vZNwx6G3JWOcd12Yqh5
TLSH: 51C2E16B71B21A14813C27CDC8EA933C509BE65EB8D50212A52CA8E06393D561FBD6F2
Reporter: abuse_ch
Tags: GuLoader rar


Comment from abuse_ch:
Malspam distributing GuLoader:

HELO: fruela.greencom.net
Sending IP: 212.89.6.11
From: Joanne Ong <sales@pcontrol.com.sg>
Reply-To: sales@pcontrol.com.sg
Subject: Order n °. 1702
Attachment: Order n °. 1702.rar (contains "Order n °. 1702.exe")

GuLoader payload URL:
http://45.143.222.30/gigggo_drBWaw213.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:15 UTC
AV detection: 15 of 30 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Relationships:
  Malspam > GuLoader > rar b0feedef4e0d7c6137e673f6fe83386d2bd91bbabd3eb777c5fc0740636876f1 (this sample)
  Dropping: GuLoader
Delivery method: Distributed via e-mail attachment
