MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c694d3b302b7f971f2010449c8d977acc88cd56035cb150ff7fb11dda5b78dc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: c694d3b302b7f971f2010449c8d977acc88cd56035cb150ff7fb11dda5b78dc9
SHA3-384 hash: fce364dd4cddf4f8b1557b2b641775a42f26d31999a67cee88084d40c16c76b1742cf8b387ea6fcc48972e84756821a1
SHA1 hash: 5bcb2b6d3ac921acb6513a793e0bd68cf70039e0
MD5 hash: 23ac67b96da184dfa853e527a8271bd1
humanhash: avocado-lactose-beryllium-music
File name: Invoice, packing list and BL_doc.gz
Signature: GuLoader
File size: 28'876 bytes
First seen: 2020-05-08 04:19:26 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:nTY2p68gi+vrXDmPtIBubVAGpJA8287rZAtxkT09Qg5a:tVgi+T6P8mVASAnPtxkaQR
TLSH: 7AD2F1CD2B5FD936F28A542F4CBE9102201D953167520C0E583E2DE4FFAB5A4EC6379A
Reporter: cocaman
Tags: GuLoader gz


cocaman
Malicious email
From: PT. YAMATO INDONESIA FORWARDING | Jakarta <azq@pixelnx.com>
Received: from in.pixelnx.com (in.pixelnx.com [103.90.242.177])
Date: 8 May 2020 01:49:00 +0000
Subject: RE: ADJUSTMENT // PRE ALERT AT INDONESIA "NYK FUJI V.084S" LCL TO JKT YGLNGO004466 // YIF-FW-19004159/
Attachment: Invoice, packing list and BL_doc.gz

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-05-08 04:45:19 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz c694d3b302b7f971f2010449c8d977acc88cd56035cb150ff7fb11dda5b78dc9 (this sample)

Delivery method: Distributed via e-mail attachment
