MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3


SHA256 hash: b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a
SHA3-384 hash: 3cf109a741581ed730214a7ef9be17eddf1ad9c7edf266b55ae6db3530281b8e4392b5b67fdc0df778f7c79cca23e09a
SHA1 hash: 233c1529d7093eec5517a79eed37d66500bb813e
MD5 hash: b5bb2f95993a05e4fb8fb3aaa2a6b8d4
humanhash: twelve-black-nitrogen-connecticut
File name: 25131_Payment_Confirmation.iso
Signature: GuLoader
File size: 516'096 bytes
First seen: 2020-05-02 17:08:41 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:KMwv4HY3j6jBB/8mnzr+kruojw3gL658N2D0ymJzcv:1wmYzIOmf3S8wwydv
TLSH: 21B4A21B7604D5EDCA0F89B0CE86D25C46237DB0AFE58042BECE778E0B3B1669965353
Reporter: abuse_ch
Tags: GuLoader, iso


abuse_ch
Malspam distributing GuLoader:

HELO: impout008.msg.chrl.nc.charter.net
Sending IP: 47.43.20.32
From: Rita Gomez<gallery22@jwillott.com>
Subject: Payment Confirmation..
Attachment: 25131_Payment_Confirmation.iso (contains "25131_Payment_Confirmation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Nanobot
Status: Malicious
First seen: 2020-05-02 17:35:27 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
File: iso b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a (this sample)
Dropping: GuLoader
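The delivery above wraps an .exe in an ISO image, so a mail-gateway check that only hashes or type-sniffs the container sees application/x-iso9660-image and never the executable inside. The script below is an added example (not MalwareBazaar's or the reporter's code) of how to triage such an attachment in Python 3: it reads the ISO 9660 primary volume descriptor, walks the directory tree, and flags every file that either has a risky extension or starts with an MZ header, whatever its name claims. The image it inspects is constructed inline to mirror the shape of this lure and is NOT the real sample from this page; it uses plain ISO 9660 identifiers only (no Joliet or Rock Ridge names), and RISKY_EXT is a short triage list of my own choosing.

```python
"""Triage an ISO 9660 e-mail attachment: list the files it carries and flag
executable content. Added example, not MalwareBazaar code; the image built
below is constructed inline and is NOT the sample described on this page."""
import struct

SECTOR = 2048
FLAG_DIR = 0x02
# Assumption: a short triage list of extensions commonly shipped inside ISO lures.
RISKY_EXT = {".exe", ".scr", ".dll", ".lnk", ".js", ".vbs", ".bat", ".cmd"}


def _record(name: bytes, lba: int, size: int, flags: int) -> bytes:
    """Build one ISO 9660 directory record (ECMA-119 9.1, both-endian fields)."""
    rec = bytearray(33)
    rec[2:6], rec[6:10] = struct.pack("<I", lba), struct.pack(">I", lba)
    rec[10:14], rec[14:18] = struct.pack("<I", size), struct.pack(">I", size)
    rec[25] = flags
    rec[28:30], rec[30:32] = struct.pack("<H", 1), struct.pack(">H", 1)
    rec[32] = len(name)
    rec += name + (b"\x00" if len(name) % 2 == 0 else b"")  # keep record length even
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_iso() -> bytes:
    """Constructed image: PVD at LBA 16, root dir at 18, DOCS dir at 19, files at 20-22."""
    payload = {20: b"MZ" + b"\x90" * 62 + b"PE\x00\x00",   # PAYMENT.EXE: PE stub
               21: b"Open the attached document.\r\n",     # README.TXT: harmless text
               22: b"MZ" + b"\x00" * 30}                    # INVOICE.PDF: PE behind a lying name
    img = bytearray(SECTOR * 23)
    for lba, data in payload.items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    root = (_record(b"\x00", 18, SECTOR, FLAG_DIR) + _record(b"\x01", 18, SECTOR, FLAG_DIR)
            + _record(b"DOCS", 19, SECTOR, FLAG_DIR)
            + _record(b"PAYMENT.EXE;1", 20, len(payload[20]), 0)
            + _record(b"README.TXT;1", 21, len(payload[21]), 0))
    docs = (_record(b"\x00", 19, SECTOR, FLAG_DIR) + _record(b"\x01", 18, SECTOR, FLAG_DIR)
            + _record(b"INVOICE.PDF;1", 22, len(payload[22]), 0))
    img[18 * SECTOR:18 * SECTOR + len(root)] = root
    img[19 * SECTOR:19 * SECTOR + len(docs)] = docs
    for lba, vd_type in ((16, 1), (17, 255)):  # primary volume descriptor, set terminator
        img[lba * SECTOR:lba * SECTOR + 7] = bytes([vd_type]) + b"CD001\x01"
    img[16 * SECTOR + 156:16 * SECTOR + 190] = _record(b"\x00", 18, SECTOR, FLAG_DIR)
    return bytes(img)


def _walk(img: bytes, lba: int, size: int, path: str, out: list) -> None:
    """Read one directory extent and recurse into its subdirectories."""
    data, pos = img[lba * SECTOR:lba * SECTOR + size], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:  # records never straddle a sector: skip the sector's padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        pos += rec_len
        ext_lba = struct.unpack_from("<I", rec, 2)[0]
        ext_len = struct.unpack_from("<I", rec, 10)[0]
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):  # "." and ".." entries
            continue
        text = name.decode("ascii", "replace").split(";")[0]  # drop the ;1 version suffix
        if rec[25] & FLAG_DIR:
            _walk(img, ext_lba, ext_len, path + text + "/", out)
        else:
            out.append((path + text, img[ext_lba * SECTOR:ext_lba * SECTOR + ext_len]))


def list_iso_files(img: bytes) -> list:
    """Return [(path, content)] for every file reachable from the primary descriptor."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 158)[0]   # root record sits at offset 156
    root_len = struct.unpack_from("<I", pvd, 166)[0]
    out = []
    _walk(img, root_lba, root_len, "/", out)
    return out


def triage_iso(img: bytes) -> list:
    """Flag files by a risky extension or by an MZ header, whatever the name says."""
    findings = []
    for path, content in list_iso_files(img):
        leaf = path.rsplit("/", 1)[-1]
        ext = leaf[leaf.rfind("."):].lower() if "." in leaf else ""
        reasons = ((["executable extension"] if ext in RISKY_EXT else [])
                   + (["MZ header"] if content[:2] == b"MZ" else []))
        if reasons:
            findings.append((path, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, why in triage_iso(build_sample_iso()):
        print(f"{path}: {why}")
```

To run it against a real attachment, pass `open(path, "rb").read()` to `triage_iso`. The MZ check matters more than the extension list: a payload named like a document still starts with the PE signature, while an .exe renamed to .pdf passes any filename-based rule.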

Comments