MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9ea21f1e4ddb75d0fce2cd9002e342ae0cde92051fdcc1e16a6d87ad62379df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3



SHA256 hash: b9ea21f1e4ddb75d0fce2cd9002e342ae0cde92051fdcc1e16a6d87ad62379df
SHA3-384 hash: f1ef73ceb5203baa9e2f6803059bb8f6d94048096fa0cff46ab059807e3934e7058d1793461a86857138bd89c783636e
SHA1 hash: 10eb01e385f97b1439026f288021ba30b72365d5
MD5 hash: c58a025df4e8af0c08d9ce313948d160
humanhash: friend-alpha-nevada-failed
File name: payment inv.img
Signature: GuLoader
File size: 135'168 bytes
First seen: 2020-06-08 14:48:04 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:Ip1pwwu1aL3mNtlrHBOjIHzHKkIlp/He1sHJ/ZTHi6Jbfwa+oT6QOqBvK2rwrso2:quRtSmzqkIr2sHJ/ZriaTwbTqFK28D
TLSH: AAD39E233954C18AF05507712CE29AF43B26BC2909416F8B714DBF5BEB72B026DA672D
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: wrqvztfd.outbound-mail.sendgrid.net
Sending IP: 149.72.231.253
From: Sener, Mesut <aalbert@svoco.com>
Reply-To: Sener, Mesut <Mest.Sener@irco.com>
Subject: RE: Invoice Overdue & SOA
Attachment: payment inv.img (contains "payment inv.scr")

GuLoader payload URL:
https://ny.libconsult.ca/binazadi_PDqgcY243.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 14:50:05 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    img b9ea21f1e4ddb75d0fce2cd9002e342ae0cde92051fdcc1e16a6d87ad62379df (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments