MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5
SHA3-384 hash: d9fd7e0702e15a1da4407afab8bd1a96a36708efbccf93e4c972972028172e1db422d5edc33359e6bad1d6390ec22b8f
SHA1 hash: ba3854d376d853f8cacf9fe189a61a4ce4c05f7b
MD5 hash: c5fa1f29ef2bf1f61aed599e03949919
humanhash: california-saturn-muppet-lithium
File name: PO_W908.zip
Signature: GuLoader
File size: 34'243 bytes
First seen: 2020-05-26 09:18:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:4l1BJ3MoGSRA1NNWbxRETctejtGP5b7kJ1wOqwqVTQGjAL:43Lcov6NWbxQcteJGxEJ1vqwq9QkAL
TLSH: D2F2F1B6414C550D832CA1F9B393998CF66F0AFB6F33E5B697C40534222B231597A93B
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: slot0.cherters.net
Sending IP: 45.95.168.241
From: sales02@cherters.net
Subject: PO_W908
Attachment: PO_W908.zip (contains "PO#W908.com")

GuLoader payload URL:
https://conveyancing.pro/wp-admin/js/widget/w_ABcIvP36.bin
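The indicators in the abuse_ch report above (sending IP, HELO and From domain, attachment name, payload host, plus the file hashes from the entry) turned into a small mail-triage check. This is an added example, not MalwareBazaar's or abuse_ch's code. The message it runs on is constructed here to mirror the reported headers; the zip attachment holds placeholder bytes, so the listed file hashes will not match it (only the header, name, host and executable-in-archive checks fire), and the executable-extension list is this example's own choice.

```python
import hashlib
import io
import zipfile
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators copied from the MalwareBazaar entry and the abuse_ch report.
IOCS = {
    "sha256": {"caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5"},
    "sha1": {"ba3854d376d853f8cacf9fe189a61a4ce4c05f7b"},
    "md5": {"c5fa1f29ef2bf1f61aed599e03949919"},
    "sender_ips": {"45.95.168.241"},
    "sender_domains": {"cherters.net"},
    "payload_hosts": {"conveyancing.pro"},
    "attachment_names": {"po_w908.zip"},
}

# Windows-executable extensions worth flagging in a mail attachment.
# This list is an assumption of the example; extend it to taste.
EXEC_EXTENSIONS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk"}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob as lowercase hex, keyed like IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def archive_members(data: bytes) -> list:
    """Member names of a zip blob, read in memory without extracting.
    Returns [] when the blob is not a zip (e.g. a renamed executable)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist() if not info.is_dir()]


def extension_of(name: str) -> str:
    """Lowercased final extension, so 'Invoice.PDF.com' -> '.com'."""
    base = name.rsplit("/", 1)[-1]
    return ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""


def assess_message(headers: dict, attachments: list, urls: list) -> list:
    """Apply the IOCs to one message. Returns a sorted list of finding
    strings; an empty list means nothing on the IOC list matched."""
    findings = set()

    if headers.get("sending_ip") in IOCS["sender_ips"]:
        findings.add("sender-ip:" + headers["sending_ip"])
    for hdr in ("helo", "from"):
        value = headers.get(hdr, "")
        domain = parseaddr(value)[1].rsplit("@", 1)[-1] if hdr == "from" else value
        domain = domain.lower()
        # match the domain itself or any subdomain (slot0.cherters.net)
        if any(domain == d or domain.endswith("." + d) for d in IOCS["sender_domains"]):
            findings.add(f"sender-domain:{hdr}:{domain}")

    for name, blob in attachments:
        if name.lower() in IOCS["attachment_names"]:
            findings.add("attachment-name:" + name)
        for algo, digest in hash_bytes(blob).items():
            if digest in IOCS[algo]:
                findings.add(f"hash-match:{algo}")
        if extension_of(name) in EXEC_EXTENSIONS:
            findings.add("executable-attachment:" + name)
        for member in archive_members(blob):
            if extension_of(member) in EXEC_EXTENSIONS:
                findings.add("executable-in-archive:" + member)

    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in IOCS["payload_hosts"]:
            findings.add("payload-host:" + host)

    return sorted(findings)


def build_reported_sample() -> tuple:
    """Constructed stand-in for the reported message. The archive holds
    placeholder bytes, so the file hashes will NOT match the real sample;
    only the header, name, host and archive-content indicators fire."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PO#W908.com", b"placeholder, not the real payload")
    headers = {
        "helo": "slot0.cherters.net",
        "sending_ip": "45.95.168.241",
        "from": "sales02@cherters.net",
        "subject": "PO_W908",
    }
    urls = ["https://conveyancing.pro/wp-admin/js/widget/w_ABcIvP36.bin"]
    return headers, [("PO_W908.zip", buf.getvalue())], urls


if __name__ == "__main__":
    for finding in assess_message(*build_reported_sample()):
        print(finding)
```

The archive is inspected in memory and never extracted, and the extension check looks at the last extension only, so a double-extension lure like "Invoice.PDF.com" is still caught. Hash matching is the weakest signal here: any re-zipping of the same payload changes every hash on the entry, while the sender infrastructure and the executable-in-archive pattern survive.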

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 09:37:19 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    zip caa69bf1058a4add2c0a2e23ac5ba4b89089e00089ae6823ec7a8aa6e08317b5 (this sample)
      Dropping GuLoader

Delivery method: Distributed via e-mail attachment
