MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c97792c52aaee17c0f21bfbb8c14f3eab6cd236d170574d1baeba4d2e25dc7e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: c97792c52aaee17c0f21bfbb8c14f3eab6cd236d170574d1baeba4d2e25dc7e4
SHA3-384 hash: d6ebc99c713107a48a39202c92953ccaec52612bafd5e6ce7638dd83fef4ddf0c04a32277e31b73071bf6b88d417b77b
SHA1 hash: 970c9d41b6168c99a4d2c7c7e30518f095bc1461
MD5 hash: 784e59d39ac73acd7353c7b1c508d04b
humanhash: virginia-papa-mango-robin
File name: BOQs and Discounts-check.zip
Signature: GuLoader
File size: 31'261 bytes
First seen: 2020-05-26 13:42:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:ILYEKH/QM1grdjjOowGOrIvqdINkn5okZYyEFEaRFi/sb/Ue:I0pfqdjLwG2WIqkZY9fjb/b
TLSH: 5CE2E16005587DCC618AFD6AEB4CFF56F0DB3400B13D37AC66EA72B6094DC4AE86491B
Reporter: abuse_ch
Tags: GuLoader zip


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: demco.co.th
Sending IP: 156.96.59.92
From: takarn<takarn_nic@demco.co.th>
Subject: 115/22-3.3 kV. SUBSTATION EAST WATER
Attachment: BOQs and Discounts-check.zip (contains "BOQs and Discounts-check.exe")

GuLoader payload URL:
http://rayyanceram.ir/gozmanss_USuhOzVInY126.bin
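The report above describes a zip attachment that wraps an .exe, and the entry lists the hash set MalwareBazaar records for the container. The Python below is an added example, not MalwareBazaar's or abuse.ch's code: it triages such an attachment entirely in memory, computing the same four hashes the entry lists and flagging zip members that are executables either by extension or by the "MZ" magic, which also catches a PE hidden under a document extension. The zip and its members are constructed dummies, not the GuLoader sample; the entry's SHA256 is included only to show how a locally computed hash is compared against the indicator.

```python
"""Triage a mail attachment of the kind this entry describes: a zip that
wraps a Windows executable. Added example, not MalwareBazaar/abuse.ch code.
All input below is constructed; nothing here is real malware."""
import hashlib
import io
import zipfile

# Indicator copied from the entry, used only for comparison.
ENTRY_SHA256 = "c97792c52aaee17c0f21bfbb8c14f3eab6cd236d170574d1baeba4d2e25dc7e4"

# Extensions that Windows will execute directly when double-clicked.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".js", ".vbs", ".lnk"}


def hashes(data: bytes) -> dict:
    """Return the same hash set MalwareBazaar lists for a blob."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def triage_zip(blob: bytes) -> dict:
    """Inspect a zip from memory (never extract to disk) and flag members
    that are executables by extension or by the MZ (PE/DOS) magic."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as member:
                head = member.read(2)  # read only the magic, not the whole file
            is_mz = head == b"MZ"
            findings.append({
                "name": name,
                "size": info.file_size,
                "ext_flag": ext in EXEC_EXTENSIONS,
                "mz_flag": is_mz,
                # PE bytes behind a non-executable extension: masquerading
                "masquerade": is_mz and ext not in EXEC_EXTENSIONS,
            })
    return {
        "container": hashes(blob),
        "matches_entry": hashes(blob)["sha256"] == ENTRY_SHA256,
        "members": findings,
        "suspicious": any(f["ext_flag"] or f["mz_flag"] for f in findings),
    }


def build_sample_zip() -> bytes:
    """Constructed test input: reuses the attachment name from the entry but
    contains a harmless 'MZ' stub, plus a masquerading member and a benign one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("BOQs and Discounts-check.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.pdf", b"MZ" + b"\x90" * 30)  # PE under a .pdf name
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_zip(build_sample_zip())
    print("container sha256:", report["container"]["sha256"])
    print("matches entry:", report["matches_entry"])
    for m in report["members"]:
        print(m)
    print("suspicious:", report["suspicious"])
```

Reading only the first two bytes of each member keeps the check cheap and avoids inflating a zip bomb; a real pipeline would add a size ceiling on `info.file_size` before opening anything at all.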

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 14:36:06 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relationship chain:
Malspam -> GuLoader -> zip c97792c52aaee17c0f21bfbb8c14f3eab6cd236d170574d1baeba4d2e25dc7e4 (this sample) -> Dropping GuLoader

Delivery method: Distributed via e-mail attachment
