MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc5cfa5f5592c9439c03289a58c9ec22d6318f68ca9af6db5210762d396d0aea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	cc5cfa5f5592c9439c03289a58c9ec22d6318f68ca9af6db5210762d396d0aea
SHA3-384 hash:	951bd62ccacb8dfe978151516a708f488c4bbe6511ba87d79d6e7bd91ebf5d8a362ee53a6f215c8f1b5a500e9b3da6c7
SHA1 hash:	ec971631b23581c9993d239fe55246d4236b09a8
MD5 hash:	7faa584e478e8fe6c6bf4a117688121a
humanhash:	leopard-king-louisiana-pasta
File name:	INV6565.zip
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	46'600 bytes
First seen:	2020-06-08 14:48:20 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	768:qcx/LgKTSCfaj2ThY3GhDsY+pVdiIzlw9k0qkfcob0Cgw9Mzql6aiNxbHYTy+Xjo:qc1LgKTvfz4GhWVQUCkknb3gyM2ROV
TLSH	2923F1DC93E3959366FD5A64B0622B4A0E9B16FDF0F2B8A1910B29C18D844507F3FD38
Reporter	abuse_ch
Tags:	GuLoader zip

abuse_ch

Malspam distributing GuLoader:

HELO: dd42314.kasserver.com
Sending IP: 85.13.157.240
From: ruediger@aachtal-apotheke.de
Subject: Re: New order 892
Attachment: INV6565.zip (contains "INV6565.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin