MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d09fe18aaf2d6d6e5bab1c3720853219c2ec1ba24d170bbef2051c8263f8c00f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 2

SHA256 hash: d09fe18aaf2d6d6e5bab1c3720853219c2ec1ba24d170bbef2051c8263f8c00f
SHA3-384 hash: 1931ebab2bc2b3dfa4e13a1a38f5211b50e5497e3401740a8a35957bd2e0cf5288573006c1e57504bb79c2e07165fe46
SHA1 hash: 7effae2f71c8ac07f9e02c60219b1cb778e5bd5a
MD5 hash: bab5e4d5df17b0219aa66075b429d80e
humanhash: orange-golf-leopard-eleven
File name: QuotationRequest_20202605_20202605_20202605PDF.z
Signature: GuLoader
File size: 28'531 bytes
First seen: 2020-05-26 13:39:26 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 768:OwZFXWZQ4VHbbC+W5eGmdKn80BGX0mdZgLCdYkuWFwE:OwZ8ZQ4hWjuj0B2JALCdY8/
TLSH: EDD2E18041B074CD4EB7A9237F6ED271E3A743B89D360B61A5C019210F75A65378BD8F
Reporter: abuse_ch
Tags: GuLoader z


Comment by abuse_ch:
Malspam distributing GuLoader:

HELO: esperanzaeg.com
Sending IP: 96.44.147.58
From: Elizabeth Kelleher <Purchase.department89@gmail.com>
Subject: Quotation Request From Axia Global Services.
Attachment: Quotation Request_20202605_20202605_20202605PDF.z (contains "Quotation Request_20202605_20202605_20202605PDF.exe")

GuLoader payload URL:
http://www.pdslhk.com/file/binfle_zhQkq115.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 14:36:07 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    z d09fe18aaf2d6d6e5bab1c3720853219c2ec1ba24d170bbef2051c8263f8c00f (this sample)
      Dropping
        GuLoader

Delivery method: Distributed via e-mail attachment