MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be4fc41aa593f689988abe595097277e5461f23ffe8bbd21c7edd74e293dc6f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: be4fc41aa593f689988abe595097277e5461f23ffe8bbd21c7edd74e293dc6f5
SHA3-384 hash: c8b9e950d994f4222bcbd14f34990d5243fcbf298f560c175aa55b84600ef70d084835044a2581880c1e009a28fa1dd0
SHA1 hash: f889666d7c7d32933674d0b4d0a0563919555787
MD5 hash: 5918a4c3ae70d14729b5f2bb1aa5d416
humanhash: iowa-johnny-bakerloo-mountain
File name: PO32008 CT.gz
Signature: GuLoader
File size: 34'337 bytes
First seen: 2020-05-26 11:21:19 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:U30Un6L2DG/UWzsG9b+44T8c22fdbP9DvNPJln8p8Bqa1A:RUn48WV+40x22llJnxqa1A
TLSH: E0F2F2194AA7C2A490671BDD4607B0D41E6FF03DE19C4F4EF82C65060AE35E4D94BB5A
Reporter: abuse_ch
Tags: GuLoader gz


abuse_ch
Malspam distributing GuLoader:

HELO: dnn.co.id
Sending IP: 202.47.91.18
From: S. Veed <sveed@dnn.co.id>
Subject: RE: RE: PO32008 CT
Attachment: PO32008 CT.gz (contains "PO32008 CT.exe")

GuLoader payload URL:
https://kinansreview.com/AmHome_bhPixbUN54.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 11:37:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  GuLoader
    gz be4fc41aa593f689988abe595097277e5461f23ffe8bbd21c7edd74e293dc6f5 (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment
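The entry above records a gzip e-mail attachment whose inner file is a Windows executable, together with the digest set MalwareBazaar lists for it (SHA256, SHA3-384, SHA1, MD5). The script below is an added example, not MalwareBazaar's or abuse.ch's own tooling: it computes those same digests for an attachment, reads the original filename stored in the gzip header (the FNAME field from RFC 1952, which is what the recipient sees after extraction), decompresses with a size bound so a decompression bomb cannot exhaust memory, and flags the archive when the content carries the PE "MZ" magic or the inner name claims an executable extension. The sample archive is constructed inline from a harmless MZ-prefixed blob; it is not the real "PO32008 CT.gz", and the function names are this example's own.

```python
"""
Added example: fingerprint a .gz mail attachment the way MalwareBazaar lists it,
and check whether the archive wraps an executable, without running the payload.
Not MalwareBazaar's own code; names and sample data are this example's own.
"""
import gzip
import hashlib
import io
import struct

# Digest algorithms shown on a MalwareBazaar entry.
HASH_ALGOS = ("sha256", "sha3_384", "sha1", "md5")

# Extensions that Windows will execute directly when the inner file is opened.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com")


def fingerprint(data: bytes) -> dict:
    """Return the digest set MalwareBazaar displays, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def gzip_original_name(data: bytes):
    """Extract the FNAME field from a gzip member header (RFC 1952), or None.

    Mail filters often look only at the outer '.gz' extension; the name stored
    here is the one the user's archiver writes to disk.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags = data[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length followed by payload
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flags & 0x08:  # FNAME flag not set
        return None
    end = data.index(b"\x00", pos)  # FNAME is a zero-terminated latin-1 string
    return data[pos:end].decode("latin-1")


def inspect_attachment(data: bytes, limit: int = 16 * 1024 * 1024) -> dict:
    """Summarise an attachment: digests, gzip inner name, inner size,
    and whether the decompressed content starts with the PE/MZ magic."""
    info = {
        "hashes": fingerprint(data),
        "is_gzip": data[:2] == b"\x1f\x8b",
        "inner_name": gzip_original_name(data),
        "inner_size": None,
        "truncated": False,
        "contains_pe": False,
    }
    if not info["is_gzip"]:
        return info
    # Read at most limit+1 bytes so a gzip bomb cannot exhaust memory.
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as gz:
        inner = gz.read(limit + 1)
    info["truncated"] = len(inner) > limit
    info["inner_size"] = min(len(inner), limit)
    info["contains_pe"] = inner[:2] == b"MZ"
    return info


def is_suspicious(info: dict) -> bool:
    """Flag an archive that wraps a PE, or whose inner name claims an
    executable extension even when the bytes are not a PE."""
    name = (info["inner_name"] or "").lower()
    return bool(info["contains_pe"] or name.endswith(EXEC_EXTENSIONS))


def build_sample(inner_name: str = "PO32008 CT.exe", content: bytes = None) -> bytes:
    """Constructed stand-in for the attachment in the entry: a gzip whose FNAME
    is inner_name and whose content is a harmless MZ-prefixed blob by default
    (not real malware, not the real sample)."""
    if content is None:
        content = b"MZ" + b"\x00" * 62 + b"This is not a real PE file"
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(content)
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_attachment(build_sample())
    for algo, digest in report["hashes"].items():
        print(f"{algo:8} {digest}")
    print("inner name:  ", report["inner_name"])
    print("contains PE: ", report["contains_pe"])
    print("suspicious:  ", is_suspicious(report))
```

To triage a real attachment, replace `build_sample()` with the file's bytes and compare the printed SHA256 against the entry above; the inner-name check matters because a gzip member can carry any name regardless of the outer filename, and the bounded read keeps the check safe against decompression bombs.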
