MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4
SHA1 hash: 949212c631987070efc407743f62cf758fe2a261
MD5 hash: 4246feef32b9e07b134fcd832729256f
File name: AMENDED P.O_images..rar
Signature: GuLoader
File size: 23'477 bytes
First seen: 2020-05-23 11:51:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:MIYftlXM5UKE0sGyHdDFhF/bFmuC1uQgNqa/E8vc51khC3u/sv3gBExpVV2GpJsy:MI27XM3E08dDF75TCk7FnsS8agbMGpxP
TLSH: 96B2F1624CFC251EDF3E8D8BABD01A1C70D32F3525DA18B86B240EEB1DD73A68102145
Reporter: @abuse_ch
Tags: GuLoader, rar


Twitter post by @abuse_ch:
Malspam distributing GuLoader:

HELO: server.example.com
Sending IP: 103.114.106.250
From: Suzhou Liansheng Chemistry Co., Ltd.. <admin@mogioan.cf>
Subject: FWD: AMENDED P.O for Reference
Attachment: AMENDED P.O_images..rar (contains "AMENDED P.O_images.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1C4LbTAj2Iz0hof2dm2Oa8C6n_KeBmPrq

Intelligence

Mail intelligence
Trap location: Global
Impact: Low
Number of uploads: 1
Number of downloads: 19
Origin country: US
ClamAV: No detection
VirusTotal: 8.33%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
rar bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4 (this sample): dropping GuLoader
Delivery method: Distributed via e-mail attachment