MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4
SHA3-384 hash: 0feaeb6644b3a1c70633fdad48749cc496dbd9cd622e99df6f358ebe0aa9b2e8926f7db0292d471d65af3264b826327e
SHA1 hash: 18956c2a056b7c2f04603bb01cf7e34958bb8293
MD5 hash: 12c5f38224936d862399661eb0c47ad4
humanhash: beer-march-four-equal
File name: KDE - PO2006-0001.gz
Signature: GuLoader
File size: 35'180 bytes
First seen: 2020-06-02 11:12:37 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:s1gmKI9dGrTft+8jdQZ1DxhUpFJJ37dQbo1iVjQEkwJ7CEPd:s1gg9dQfUsdQZhmFvmbqiVjQQ5Pd
TLSH: 91F2F18A366FFE41A92F617F88EB47D471D677234A2DAF2585801CF6006F1F0D605E89
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: mail.cesosenintl.ml
Sending IP: 64.188.23.5
From: Thaw Wai Mun <wmthaw@oldtown.com.my>
Subject: KDE - PO2006-0001
Attachment: KDE - PO2006-0001.gz (contains "gunzipped")

GuLoader payload URL:
https://secure.drivebookers.com/kali_UfquusEKt204.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2020-06-03 04:02:47 UTC
AV detection: 15 of 47 (31.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    gz bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
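The entry above records the pattern analysts see with this campaign: a purchase-order-named .gz e-mail attachment whose only content is a Windows executable (the GuLoader stage), identified by the four digests MalwareBazaar lists. The following triage helper is an added example, not MalwareBazaar's or abuse.ch's own code. It recomputes the same digest set for an attachment, compares all four against the values on this page, inflates the gzip under a size cap (so a decompression bomb cannot exhaust memory) and checks whether the inner file carries a valid MZ/PE header. The sample bytes in `SAMPLE_GZ` are constructed for the demo (a harmless MZ stub, not the real sample), so `known_sample` is expected to be False for it; the function names are this example's own.

```python
"""Triage a gzip-wrapped e-mail attachment the way this entry describes:
hash the container, gunzip it safely, and check whether the inner file is a PE.
Added example; KNOWN_HASHES are the values listed on this MalwareBazaar entry."""
import gzip
import hashlib
import io
import struct

# Digests this entry publishes for the .gz container.
KNOWN_HASHES = {
    "sha256": "bafc9456259ead81a34dac9040368daa14737bd335acf7eda5b60e07d9f1c6b4",
    "sha3_384": "0feaeb6644b3a1c70633fdad48749cc496dbd9cd622e99df6f358ebe0aa9b2e8926f7db0292d471d65af3264b826327e",
    "sha1": "18956c2a056b7c2f04603bb01cf7e34958bb8293",
    "md5": "12c5f38224936d862399661eb0c47ad4",
}

GZIP_MAGIC = b"\x1f\x8b"
MAX_INFLATED = 50 * 1024 * 1024  # cap on inflated size; guards against gzip bombs


def hash_set(data: bytes) -> dict:
    """Compute the same digest set MalwareBazaar lists for a file."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_known(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True only when every listed digest agrees; matching all four, not just MD5, avoids collision games."""
    got = hash_set(data)
    return all(got[name] == value for name, value in known.items())


def inflate_capped(data: bytes, limit: int = MAX_INFLATED) -> bytes:
    """gunzip at most `limit` bytes; raise instead of inflating an oversized stream."""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        out = gz.read(limit + 1)  # read one byte past the cap to detect overflow
    if len(out) > limit:
        raise ValueError("inflated payload exceeds limit (possible decompression bomb)")
    return out


def is_pe(data: bytes) -> bool:
    """MZ header plus a 'PE\\0\\0' signature at the e_lfanew offset (DOS header field at 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Report hashes, whether the file is gzip, and whether it unpacks straight to an executable."""
    report = {
        "filename": filename,
        "hashes": hash_set(data),
        "known_sample": matches_known(data),
        "is_gzip": data.startswith(GZIP_MAGIC),
        "inner_size": 0,
        "inner_is_pe": False,
    }
    if report["is_gzip"]:
        inner = inflate_capped(data)
        report["inner_size"] = len(inner)
        report["inner_is_pe"] = is_pe(inner)
    # A ".gz" purchase order that inflates to a bare executable is the pattern this entry records.
    report["suspicious"] = report["is_gzip"] and report["inner_is_pe"]
    return report


def build_fake_pe(size: int = 4096) -> bytes:
    """Constructed stand-in for an executable: MZ stub whose e_lfanew points at a PE signature. Not malware."""
    buf = bytearray(size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed demo input: the fake PE wrapped in gzip, as the malspam attachment was.
SAMPLE_GZ = gzip.compress(build_fake_pe(), mtime=0)

if __name__ == "__main__":
    r = triage_attachment("KDE - PO2006-0001.gz", SAMPLE_GZ)
    print(r["filename"], "gzip:", r["is_gzip"], "inner PE:", r["inner_is_pe"],
          "known sample:", r["known_sample"], "suspicious:", r["suspicious"])
```

To use it on a real attachment, read the file bytes and pass them to `triage_attachment`; a True `known_sample` means the container is byte-identical to the one on this page, while a True `suspicious` with a False `known_sample` is the more common case of a re-packed variant from the same campaign that still deserves the same handling.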

Comments