MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58
SHA1 hash: 2e62954560960a8b67f3ad4dfd63dad96ea774a8
MD5 hash: 0815cf3caa013ad04344de0b5f5bb019
File name: order_febuary_list.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-22 10:00:30 UTC
Last seen: 2020-05-22 10:51:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1da8f63868cf771fd580fdbc74c1d56d
ssdeep: 1536:jdFe+jvV+npD3kSb0Hxeyn2p7WLg3O5bE:54SkpzkDHr2A+UQ
TLSH: 3F9319227994D99BCD140DF28E756AE4241FFC700E154A1F6489376CA633EA3BE3132E
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: sky.brawaa.com
Sending IP: 78.46.72.211
From: Yasin KURT <sales1@goker.com.tr>
Subject: Repeat Order//Febuary invoice.
Attachment: order_febuary_list.r01 (contains "order_febuary_list.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1WlfkTpWmng1Gw8DOf9Lh78LzkMHMxO8C

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 25
Origin country: FR
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.31760.8506.UNOFFICIAL
VirusTotal: VirusTotal results 31.94%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58 (this sample)

Delivery method: Distributed via e-mail attachment
