MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58
SHA1 hash: 2e62954560960a8b67f3ad4dfd63dad96ea774a8
MD5 hash: 0815cf3caa013ad04344de0b5f5bb019
File name: order_febuary_list.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-22 10:00:30 UTC
Last seen: 2020-05-22 10:51:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1da8f63868cf771fd580fdbc74c1d56d
ssdeep: 1536:jdFe+jvV+npD3kSb0Hxeyn2p7WLg3O5bE:54SkpzkDHr2A+UQ
TLSH: 3F9319227994D99BCD140DF28E756AE4241FFC700E154A1F6489376CA633EA3BE3132E
Reporter: @abuse_ch
Tags: exe GuLoader

Malspam distributing GuLoader:

Sending IP:
From: Yasin KURT <>
Subject: Repeat Order//Febuary invoice.
Attachment: order_febuary_list.r01 (contains "order_febuary_list.exe")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 25
Origin country: FR
VirusTotal: Virustotal results 31.94%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe: b408619f58fe5bc44f76cd632257f18ff3572d8dcb67ea8c5dd6e1987c7b5a58 (this sample)

Delivery method: Distributed via e-mail attachment