MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3dfab1a02d297fdff0949e5472e5bf7fbfd5146b3f1f1c87d2316d268b45fcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: b3dfab1a02d297fdff0949e5472e5bf7fbfd5146b3f1f1c87d2316d268b45fcd
SHA1 hash: 41eddbb2fbf3bfe6fdea2a54b27111ad9d6abd45
MD5 hash: 9359dde7976280b23d242fc9d0384989
File name: AMENDED P.O_images.exe
Signature: GuLoader
File size: 90,112 bytes
First seen: 2020-05-22 09:51:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 112db240c077ed39b7bdf80915bd81a4
ssdeep: 768:byNeOOsfCw5MXSX0XqQxIU9XjpHLMS8HEvKKGLgrrm:OUOOsfCliaqCd5pHLMJ9gO
TLSH: A1931A61F994DCA6D914CEB18D2647E821EFBC761F044F2F20C97E9C2D36B81692532A
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter: @abuse_ch
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Suzhou Liansheng Chemistry Co., Ltd.. <admin@mogioan.cf>
Subject: FWD: AMENDED P.O for Reference
Attachment: AMENDED P.O_images.rar (contains "AMENDED P.O_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1LSN29XHUA1LLLJZDtVkmfeCb_UtqBcxc

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
Number of uploads: 1
Number of downloads: 22
Origin country: FR
ClamAV: No detection
VirusTotal: 34.72%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
File: Executable exe b3dfab1a02d297fdff0949e5472e5bf7fbfd5146b3f1f1c87d2316d268b45fcd (this sample)