MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c64286bb8c9785954c94e74a654c15706c27ea06f0133a92219d6cb823c35af0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2


SHA256 hash: c64286bb8c9785954c94e74a654c15706c27ea06f0133a92219d6cb823c35af0
SHA3-384 hash: 25042afae2046776029b64ed8e7d6300279ac127ee8b2e8a3e20e1c280b0f3b2c30f1195b8a952b73b17da8afe9782d0
SHA1 hash: 6a95b1d1b136b22a26c85f94d0e0e2ec98077838
MD5 hash: d43c87df336956bc31622b1b8a7bbc7b
humanhash: potato-echo-vermont-carpet
File name: URGENT ORDER.zip
Signature: GuLoader
File size: 29'566 bytes
First seen: 2020-05-25 13:20:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:zKpA6JDDwNYw4QwbW9Nw9gBx/+gxO0vJpVCtc29Y+9E:WpAP0AqS/9xbH2ZW
TLSH: 23D2F229B11A893AFC4DD7177E83D1C4318E8AF12ACDB1493025B511EA528CC6FF3786
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: gmail.com
Sending IP: 156.96.62.50
From: Sales Dept <nkbe_197@gmail.com>
Reply-To: preshyallisonmiller@gmail.com
Subject: URGENT ORDER
Attachment: URGENT ORDER.zip (contains "URGENT ORDER.exe")

GuLoader payload URL:
http://irangoodshop.com/ebukaaa_GnXduS113.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 13:37:02 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
  zip c64286bb8c9785954c94e74a654c15706c27ea06f0133a92219d6cb823c35af0 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment