MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3190586045b742face7fe9f90e71caa6960a46715d7f1978cced2eac1c56310. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: b3190586045b742face7fe9f90e71caa6960a46715d7f1978cced2eac1c56310
SHA3-384 hash: 0f45f20b8a1ba6029cd19945cbdecac7685f3d0ecb8dacd269e174b5031eb6dfc373b8bb6d40067f7ed744d4149a7e0f
SHA1 hash: de1576123dfc58242c76272cd69512f40b77c25f
MD5 hash: 95c99bda07156806839a52afcf3b638b
humanhash: crazy-venus-jupiter-august
File name: Possible Inquiry.pdf.zip
Signature: GuLoader
File size: 18'377 bytes
First seen: 2020-10-06 06:04:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:TG6okjAOI7uF3XTPGtbCo1T7kV4igIv4pU7QvL:NokEOcuVjPGZCo1TpKoL
TLSH: A882C1D29ED155983A30AA93B4EC1BB9FB8761681118B983C503477E1C7B825A963F13
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: sipau1-19.nexcess.net
Sending IP: 103.242.92.13
From: Azmi Alshanti <Office-Purchasing@mail.com>
Subject: Possible Inquiry
Attachment: Possible Inquiry.pdf.zip (contains "PO.pdf.exe")

GuLoader payload URL:
https://onedrive.live.com/download?cid=7A41C5DF29C70D9C&resid=7A41C5DF29C70D9C%21118&authkey=AGpYDF93tk1PiOc

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-06 02:05:37 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip b3190586045b742face7fe9f90e71caa6960a46715d7f1978cced2eac1c56310 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments