MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf30f723ee4e1319c440ed6be076168d028c5d7aacb1f262a84db9200a4cd2d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
GuLoader
Vendor detections: 2


SHA256 hash: bf30f723ee4e1319c440ed6be076168d028c5d7aacb1f262a84db9200a4cd2d2
SHA3-384 hash: f31eb848833cc7f31da76c5db0daf21c518ae87ca13cdd9729d22fce8815bd500c927a9bc4f1ae703ba721e5fb3873cd
SHA1 hash: 6d8dc7e818e578067d199bcb3df14bb6c708e80a
MD5 hash: fc00df79ea496c70202d124fe1748da3
humanhash: washington-avocado-ceiling-edward
File name: PO_O908.zip
Signature: GuLoader
File size: 34'231 bytes
First seen: 2020-05-26 09:09:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:+v5uw8ZNwRjCEQjwWoHr1YjKhtEAkOw1U1QSHAjn6:+wzcj+fhKhtEZE1LEn6
TLSH: E2E2F183DE2B9E98C8885D71D2BB2B647D1FC713286F9A93C238039A1914F2771489D6
Reporter: abuse_ch
Tags: GuLoader zip

abuse_ch
Malspam distributing GuLoader:

HELO: cherters.net
Sending IP: 45.95.168.241
From: sales02@cherters.net
Subject: PO-( catolog design for quotation)
Attachment: PO_O908.zip (contains "PO#O908.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/o_WNWVekh70.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2020-05-26 09:37:17 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip bf30f723ee4e1319c440ed6be076168d028c5d7aacb1f262a84db9200a4cd2d2 (this sample)
Dropping GuLoader

Delivery method: Distributed via e-mail attachment
