MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d358e330babfb64222ccadc659a97645c2943f2156e0673ad1a5ffed5fada4b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 3

SHA256 hash: d358e330babfb64222ccadc659a97645c2943f2156e0673ad1a5ffed5fada4b2
SHA3-384 hash: 7e6edabe392fa5feab62763b31ccf1ef07e421928e2b28969d011703e3ae3058c1193e08de5f21c39b2d3a97afbb23a2
SHA1 hash: 2c6998e0f5acca6c3dfba6551cf8ea1d867268da
MD5 hash: 36d2d811e6aaaa13712bf47645b7c509
humanhash: oven-fish-oklahoma-mango
File name: shipping doc.zip
Signature: GuLoader
File size: 46'934 bytes
First seen: 2020-06-08 12:04:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:YDoM5cW1wWbRSG6l4LGjW+y/gy621A3H8Hx/IUhErSVKEBmIppsmloXnBAc5pxS:eDWxW+Uh613H8HNE+KEBmILlKOc5y
TLSH: 9D23F12B5A5CF5EFECE32D5051289461309242FE79B044506A25E0BD331A9FFE8513CB
Reporter: abuse_ch
Tags: GuLoader zip


abuse_ch
Malspam distributing GuLoader:

HELO: dd42314.kasserver.com
Sending IP: 85.13.157.240
From: ruediger@aachtal-apotheke.de
Subject: Re: Shipping doc/Inv 65655
Attachment: shipping doc.zip (contains "shipping doc.exe")

GuLoader payload URL:
http://156.96.118.179/AWELE-RAW_GTWfCx233.bin
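The indicators in the reporter comment and the hash fields of this entry can be turned directly into a triage check. The script below is an added example, not MalwareBazaar's or the reporter's code: it copies the IOC values listed on this page (sending IP, HELO, sender address, sample SHA256, payload host), builds a constructed mail message and a constructed stand-in for shipping doc.zip (holding a stub "shipping doc.exe" that is only a DOS MZ header plus padding, not the real GuLoader binary), and reports every indicator that matches. The Received-header layout, the example.invalid host names, the message body and the function names are assumptions made for the example.

```python
"""Triage a mail message and its attachment against the IOCs in this entry.

Added example, not MalwareBazaar's or the reporter's code. The IOC values are
copied from the entry; the mail headers and the zip are constructed here so
the script runs offline.
"""
import hashlib
import io
import zipfile
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# IOCs copied from the entry above (hash field and reporter comment).
KNOWN_SHA256 = {"d358e330babfb64222ccadc659a97645c2943f2156e0673ad1a5ffed5fada4b2"}
MALSPAM_SENDER_IPS = {"85.13.157.240"}
MALSPAM_HELO = {"dd42314.kasserver.com"}
MALSPAM_FROM = {"ruediger@aachtal-apotheke.de"}
PAYLOAD_HOSTS = {"156.96.118.179"}

# Extensions that should never arrive inside a "document" zip.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".dll", ".bat", ".cmd", ".js", ".vbs")

# Constructed message (assumption: one Received header in the common
# "from HELO (rdns [ip]) by ..." form). Only the HELO, IP, From, Subject and
# attachment name come from the entry; everything else is made up.
SAMPLE_MAIL = """\
Received: from dd42314.kasserver.com (dd42314.kasserver.com [85.13.157.240])
  by mx.example.invalid with ESMTP; Mon, 8 Jun 2020 12:00:00 +0000
From: ruediger@aachtal-apotheke.de
To: victim@example.invalid
Subject: Re: Shipping doc/Inv 65655

Please find the shipping document attached.
"""


def build_sample_zip() -> bytes:
    """Constructed stand-in for shipping doc.zip: holds a stub 'shipping doc.exe'
    that is only a DOS 'MZ' header plus padding, not the real GuLoader binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("shipping doc.exe", b"MZ" + b"\x90" * 62)
    return buf.getvalue()


def file_hashes(data: bytes) -> dict:
    """The same digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def zip_executables(data: bytes) -> list:
    """Names of zip members that are executables, by extension or by 'MZ' header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            if info.filename.lower().endswith(EXECUTABLE_EXTS) or head == b"MZ":
                hits.append(info.filename)
    return hits


def is_payload_host(url: str) -> bool:
    """True if a URL (e.g. from proxy logs) points at the payload host in the entry."""
    return (urlsplit(url).hostname or "") in PAYLOAD_HOSTS


def triage(raw_mail: str, attachment_name: str, attachment: bytes) -> list:
    """Reasons the message matches this entry's IOCs; an empty list means no match."""
    msg = message_from_string(raw_mail)
    reasons = []
    for received in msg.get_all("Received") or []:
        for ip in MALSPAM_SENDER_IPS:
            if ip in received:
                reasons.append(f"sending IP {ip} matches malspam IOC")
        for helo in MALSPAM_HELO:
            if helo in received:
                reasons.append(f"HELO {helo} matches malspam IOC")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in MALSPAM_FROM:
        reasons.append(f"sender {sender} matches malspam IOC")
    if file_hashes(attachment)["sha256"] in KNOWN_SHA256:
        reasons.append("attachment SHA256 is the GuLoader sample in this entry")
    if attachment_name.lower().endswith(".zip"):
        exes = zip_executables(attachment)
        if exes:
            reasons.append(f"zip attachment contains executable(s): {exes}")
    return reasons


if __name__ == "__main__":
    for reason in triage(SAMPLE_MAIL, "shipping doc.zip", build_sample_zip()):
        print(reason)
    print(is_payload_host("http://156.96.118.179/AWELE-RAW_GTWfCx233.bin"))
```

Because the zip here is a constructed stand-in, the SHA256 check does not fire on it; run file_hashes() on the real download to compare against the digests in the entry. The zip check flags both the extension and the MZ header so a renamed executable inside the archive is still caught.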

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-08 12:06:08 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> GuLoader -> zip d358e330babfb64222ccadc659a97645c2943f2156e0673ad1a5ffed5fada4b2 (this sample) -> Dropping -> GuLoader

Delivery method: Distributed via e-mail attachment

Comments