MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 baee2b375480ea980ffef661568a2076e811636d62f4905609c8e15ee52e63e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3


SHA256 hash: baee2b375480ea980ffef661568a2076e811636d62f4905609c8e15ee52e63e8
SHA3-384 hash: 0d5d63ac260991bbcee2bef85ea57f94bf8857725b12085c3b4701b8e83c68128419d1340632e521c28e3c0bd6904516
SHA1 hash: 17dd5b4428544670a3e2c5bfd5a24ad173fbed65
MD5 hash: 5e6261a8e46f4501c0dbbbbd3b67ba41
humanhash: video-vermont-oregon-emma
File name: INV20200531RFQ6748.gz
Signature: GuLoader
File size: 39'002 bytes
First seen: 2020-06-01 10:50:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:JunYJjuSGnwULvybqbcVFmnuwpxiPBvMGk5VymqEm51kxD73VZSH1eFA:JuYJqFRUBw/i5NkoEi1MFZSH1qA
TLSH: BD03F1E5A7E227A02A7D47A00B3864C7510FF683517973E652B79C2CE7D2CB3D2A211D
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

From: Jennifer R. Lingad <jlingad@dorniertechnology.com>
Subject: Re:request for PO
Attachment: INV20200531RFQ6748.gz (contains "INV20200531RFQ6748.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1w-dKh4VczoQw7FphLrTtp-tr0-tuqIYT

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-06-01 08:49:43 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> zip baee2b375480ea980ffef661568a2076e811636d62f4905609c8e15ee52e63e8 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments