MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c452a5ceffc744fe452dabad9781f88ec5cca9960251fe2b950214b7168f8b86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: c452a5ceffc744fe452dabad9781f88ec5cca9960251fe2b950214b7168f8b86
SHA3-384 hash: f0be25050b8021188d2127935aa3d208a72b7cda7e26922ce02e3e954b67feaa5f96f924ac111f9ab594979b289ac0d8
SHA1 hash: 716f22d9859202acf083af9c02275e62b7c08a12
MD5 hash: 7dc612e804a601b4b48602c44bb61c07
humanhash: magazine-autumn-pizza-nuts
File name: Quotation Request.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-08-18 11:06:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:oJuZuwZFhTy7qqNo5Q2gRRlL5h1ro+EHfi/HRt1UcMeuI:WwZFVyOqNo5QnRJ5hGHK/L1qD
TLSH: 96456CB333C81C29FAC8423756698168A2B2BD75119A8B1F764D337D1B366C56CE036F
Reporter: abuse_ch
Tags: GuLoader, img


abuse_ch
Malspam distributing GuLoader:

HELO: sme01.small-dns.com
Sending IP: 14.102.148.51
From: Marty Carpetz <martycarpetz@synthetic.net>
Reply-To: benoson@vivaldi.net
Subject: Quotation Request
Attachment: Quotation Request.img (contains "Quotation Request.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1yKHODGCPXiTmEHfQ1DyJHKYo8eWyf5U1
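The attachment described in the comment above is an ISO 9660 disk image (this entry's MIME type is application/x-iso9660-image) with an executable inside it, a delivery trick that relies on mail gateways inspecting archives but not mounted disk images. The following Python is an added example, not MalwareBazaar's or abuse_ch's code: it builds a small constructed image in memory that mimics the described attachment, parses the primary volume descriptor and root directory, and flags any executable by extension or by PE "MZ" magic. Assumptions: a single root directory with Level-1 (uppercase, no spaces) identifiers, no Joliet or Rock Ridge names, 2048-byte blocks; the inner file name and contents are constructed stand-ins for the real "Quotation Request.exe", not bytes from the sample.

```python
import struct
from os.path import splitext

SECTOR = 2048  # ISO 9660 logical block size used by this constructed image

# Extensions that have no business inside a "quotation" disk image sent by mail
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".dll", ".msi", ".ps1"}


def _both_endian(fmt_char: str, value: int) -> bytes:
    """ISO 9660 stores integers twice: little-endian first, then big-endian."""
    return struct.pack("<" + fmt_char, value) + struct.pack(">" + fmt_char, value)


def _record(extent: int, size: int, flags: int, ident: bytes) -> bytes:
    """Build one directory record: 33 fixed bytes + identifier, padded to even length."""
    body = (_both_endian("I", extent) + _both_endian("I", size)
            + bytes(7)                 # recording date, zeroed in this constructed sample
            + bytes([flags, 0, 0])     # file flags (0x02 = directory), unit size, interleave
            + _both_endian("H", 1)     # volume sequence number
            + bytes([len(ident)]) + ident)
    if (len(body) + 2) % 2:
        body += b"\x00"
    return bytes([len(body) + 2, 0]) + body  # record length, extended-attribute length


def build_sample_iso(files: dict) -> bytes:
    """Constructed test image: PVD at sector 16, terminator at 17, root directory at 18."""
    root_lba = 18
    image = bytearray(16 * SECTOR)                 # system area (unused)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1      # type 1 = primary volume descriptor
    pvd[40:72] = b"QUOTATION".ljust(32)            # volume identifier (assumed label)
    pvd[128:132] = _both_endian("H", SECTOR)       # logical block size
    pvd[156:190] = _record(root_lba, SECTOR, 0x02, b"\x00")  # root directory record
    image += pvd
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1  # volume descriptor set terminator
    image += term
    root_dir = _record(root_lba, SECTOR, 0x02, b"\x00") + _record(root_lba, SECTOR, 0x02, b"\x01")
    payload, lba = bytearray(), root_lba + 1
    for name, content in files.items():
        iso_name = name.upper().replace(" ", "_").encode("ascii") + b";1"  # Level-1 style name
        root_dir += _record(lba, len(content), 0x00, iso_name)
        sectors = max(1, -(-len(content) // SECTOR))
        payload += content.ljust(sectors * SECTOR, b"\x00")
        lba += sectors
    image += root_dir.ljust(SECTOR, b"\x00") + payload
    return bytes(image)


def _parse_record(buf: bytes, off: int) -> dict:
    ext_le = struct.unpack_from("<I", buf, off + 2)[0]
    ext_be = struct.unpack_from(">I", buf, off + 6)[0]
    size_le = struct.unpack_from("<I", buf, off + 10)[0]
    size_be = struct.unpack_from(">I", buf, off + 14)[0]
    if ext_le != ext_be or size_le != size_be:
        # Tooling reads one copy, AV may read the other: disagreement is itself a red flag
        raise ValueError("both-endian fields disagree: malformed or deliberately confusing record")
    id_len = buf[off + 32]
    return {"length": buf[off], "extent": ext_le, "size": size_le,
            "is_dir": bool(buf[off + 25] & 0x02), "ident": bytes(buf[off + 33:off + 33 + id_len])}


def list_iso(data: bytes) -> list:
    """Return the root-directory entries of an ISO 9660 image (primary, Level-1 names only)."""
    pvd = data[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no primary volume descriptor at sector 16")
    block = struct.unpack_from("<H", pvd, 128)[0]
    root = _parse_record(pvd, 156)
    start = root["extent"] * block
    dir_bytes = data[start:start + root["size"]]
    entries, off = [], 0
    while off < len(dir_bytes):
        if dir_bytes[off] == 0:                      # records never span a block: skip padding
            off = (off // block + 1) * block
            continue
        rec = _parse_record(dir_bytes, off)
        off += rec["length"]
        if rec["ident"] in (b"\x00", b"\x01"):       # "." and ".." entries
            continue
        name = rec["ident"].decode("ascii", "replace").split(";")[0]  # drop ";1" version
        fstart = rec["extent"] * block
        entries.append({"name": name, "is_dir": rec["is_dir"], "size": rec["size"],
                        "data": b"" if rec["is_dir"] else data[fstart:fstart + rec["size"]]})
    return entries


def triage_img_attachment(data: bytes) -> dict:
    """Flag a mail-attached disk image that smuggles an executable, by extension or MZ magic."""
    entries = list_iso(data)
    flagged = []
    for e in entries:
        if e["is_dir"]:
            continue
        by_ext = splitext(e["name"].lower())[1] in EXECUTABLE_EXTS
        by_magic = e["data"][:2] == b"MZ"            # catches a PE renamed to .pdf or similar
        if by_ext or by_magic:
            flagged.append(e["name"])
    return {"files": [e["name"] for e in entries], "flagged": flagged,
            "verdict": "suspicious" if flagged else "no executable content found"}


# Constructed sample mimicking the described attachment (contents are stand-ins, not the real PE)
SAMPLE_IMG = build_sample_iso({
    "Quotation Request.exe": b"MZ" + bytes(58) + b"This program cannot be run in DOS mode.",
    "Readme.txt": b"Please find our quotation attached.",
})

if __name__ == "__main__":
    print(triage_img_attachment(SAMPLE_IMG))
```

The parser reads only the primary volume descriptor, so the name it reports is the Level-1 form QUOTATION_REQUEST.EXE; the "Quotation Request.exe" shown in the comment is the kind of long name that lives in a Joliet supplementary descriptor, which a production checker should parse as well. The MZ-magic check matters because the extension list alone is defeated by renaming, and the both-endian consistency check rejects records crafted so that different parsers see different extents.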

Intelligence


File Origin
# of uploads: 1
# of downloads: 230
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-08-18 11:08:06 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as the delivery method and external references.

Malspam
  GuLoader
    img c452a5ceffc744fe452dabad9781f88ec5cca9960251fe2b950214b7168f8b86 (this sample)

Dropping
  GuLoader

Delivery method
  Distributed via e-mail attachment
