MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58
SHA3-384 hash: 0f0b2fe7cf3f8db3c1502347eb4baa93a4c2c813aa376784eaa4c2c288b3ecc7df91e1efdbe5f87f99c0cf690639f212
SHA1 hash: 2e62954560960a8b67f3ad4dfd63dad96ea774a8
MD5 hash: 0815cf3caa013ad04344de0b5f5bb019
humanhash: lithium-nineteen-solar-winter
File name: order_febuary_list.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-22 10:00:30 UTC
Last seen: 2020-05-22 10:51:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1da8f63868cf771fd580fdbc74c1d56d
ssdeep: 1536:jdFe+jvV+npD3kSb0Hxeyn2p7WLg3O5bE:54SkpzkDHr2A+UQ
TLSH: 3F9319227994D99BCD140DF28E756AE4241FFC700E154A1F6489376CA633EA3BE3132E
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: sky.brawaa.com
Sending IP: 78.46.72.211
From: Yasin KURT <sales1@goker.com.tr>
Subject: Repeat Order//Febuary invoice.
Attachment: order_febuary_list.r01 (contains "order_febuary_list.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1WlfkTpWmng1Gw8DOf9Lh78LzkMHMxO8C

Intelligence

File Origin
# of uploads: 2
# of downloads: 33
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-22 10:37:09 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58 (this sample)

Delivery method: Distributed via e-mail attachment