MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2
SHA1 hash: cced7db8753aeef38f8f7197049bbed5cfb1dc29
MD5 hash: 07777e1e75edef92f55943add1ef7343
File name: Shipping advice.zip
Signature: GuLoader
File size: 24'221 bytes
First seen: 2020-05-22 09:55:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 384:/982XHdvAyNvZ/4WoSzCw7zY/yRAr4rbkpWf1TvyofAqZC4s2PF4QnqJHnGkuyvs:/dtlNxgWo70Y/yREGk0fQzqZC3gF5nqQ
TLSH: 8EB2E0347D2A9AD7A3C87B3F79F34236C8CE181A97DBD116AA374D8812C1A900F14676
Reporter: @abuse_ch
Tags: GuLoader, zip


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: smtp1.hiworks.co.kr
Sending IP: 121.254.168.204
From: Seon Won <triangle@cnilogis.com>
Subject: Fw: Shipping advice
Attachment: Shipping advice.zip (contains "Shipping advice.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Zkp6lYWfhKKaXXb76nvfWKLHBqPmer7C

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 21
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.DownLoader33.44564.15213.1861.UNOFFICIAL
VirusTotal results: 9.52%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
zip ce8cca2a7fa7de5865ad68b344af63fcd7579bd57115cba481b3276a1c8f35e2 (this sample)

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments