MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbbaa04d916364ce9dc7d7795432fdc08ec3cf2cb201ba839acd675ff02a48d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: bbbaa04d916364ce9dc7d7795432fdc08ec3cf2cb201ba839acd675ff02a48d0
SHA3-384 hash: 1be00285f8e7ade39840ad063b8231e8ce17ed92bb06606bfc0cd513a298a33970c7c00d5947aba813ef9bb8f70a35e0
SHA1 hash: 02a0e03fe95e957ac340564d373712b4c526ad43
MD5 hash: 8a2690716ebf8020417fcf856a4b8611
humanhash: purple-pip-ceiling-crazy
File name: Purchase Order.zip
Signature: GuLoader
File size: 36'654 bytes
First seen: 2020-05-26 07:53:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:xI7aI69/tVVqtZOnSSLf3IevfWT+ClnsLEH0qk7RCi483:xZn4tEr48O+0nsLEPeRr
TLSH: 18F2F2B50C78AE9DE681B972A8910C2F2E9FC749721C0F241F5C434AB7D38599F8B646
Reporter: abuse_ch
Tags: GuLoader zip


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: reseller1.global.ba
Sending IP: 185.99.1.115
From: Sam Stagg <mightyspraying@gmail.com>
Subject: PURCHASE ORDER
Attachment: Purchase Order.zip (contains "Purchase Order.scr")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Vn27mhyk6AiNL91otZHYI2-WbTb7KrT4

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-05-26 00:32:40 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  zip bbbaa04d916364ce9dc7d7795432fdc08ec3cf2cb201ba839acd675ff02a48d0 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment