MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfcb228741095f91daa6b0c6f356bd8c617de1b02fae250340b654089eeefc76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

SHA256 hash: bfcb228741095f91daa6b0c6f356bd8c617de1b02fae250340b654089eeefc76
SHA3-384 hash: b438d2b30785101a6f582f1332fcaa9db3ba5d322b4f2ab809903963e174ab9d70cbc6f6db8bf5597f78642e5614b2d5
SHA1 hash: d5d737ab83ad31a0dfbcb5a0ac48ec1503f56c13
MD5 hash: f5f3af198ac83616e90463fd55f5cfbf
humanhash: grey-north-vegan-friend
File name: Payment_Slip_2020200002602338.zip
Signature: GuLoader
File size: 88'800 bytes
First seen: 2020-06-04 15:51:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:uEhixI+9aG+0wAF3t/9CjsChXF9WOlgshG2H1Oos74rXCvFFPU:h+vH+JKUjsUXF9WIgsh3bZCvFFc
TLSH: 449302B3A7032D0B7E29F5375286F75A0DFBE2A709A752801204128FDC4E5D029F94B5
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: cpanel2.cityonlinebd.net
Sending IP: 113.212.108.130
From: admin.itax2@kra.go.ke
Reply-To: admin.itax2@kra.go.ke
Subject: Successful completion of payment registration
Attachment: Payment_Slip_2020200002602338.zip (contains "Payment_Slip_2020200002602338.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1KVMXsKgC8QN7LCevFpw2r8gCxAcVRaxD

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-06-04 16:36:52 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader: zip bfcb228741095f91daa6b0c6f356bd8c617de1b02fae250340b654089eeefc76 (this sample)
  Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments