MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e1849e24ea3943f8f5256a1e2eadcece0613e065a41d2f4827ae4762f06fd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: d3e1849e24ea3943f8f5256a1e2eadcece0613e065a41d2f4827ae4762f06fd6
SHA3-384 hash: d9876b05a9dacfbfda4a0b1f1603891cdcdbf0f2e5bd361d4ce6338d322471bb820471e5e9e2e54ee4bccde73d841186
SHA1 hash: 0ad00589ff00692dca7095a3c9264dfc44f1548e
MD5 hash: cd56d93394a5cd2d82506a20e155df2d
humanhash: nineteen-bakerloo-six-pasta
File name: REQUEST FOR QUOTATION FROM ---COMPANY.rar
Signature: GuLoader
File size: 48'592 bytes
First seen: 2020-06-05 19:34:57 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:1Vtp0Jp7OWpdcSFvvpyg83AVa1nS5obGIT25QZxTSOHg:1VvAp7Pdc8vvo/36aVmoj25QbT1Hg
TLSH: A723022A5C3B02700FEF58E37AC4C353EA7C25058CB9136D07D37A3B755896B019999E
Reporter: abuse_ch
Tags: GuLoader rar


abuse_ch
Malspam distributing GuLoader:

HELO: mails.cesosenintl.ml
Sending IP: 193.142.59.85
From: Mr. Jacob <sanchezj@brightindustries.com>
Reply-To: sanchezj@brightindustries.com
Subject: REQUEST FOR QUOTATION FROM ---COMPANY
Attachment: REQUEST FOR QUOTATION FROM ---COMPANY.rar (contains "REQUEST FOR QUOTATION FROM ---COMPANY.pdf.exe")

GuLoader payload URL:
https://qif.ac.ke/anyii_DbAFfSTiIS190.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 19:36:11 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader
Sample: rar d3e1849e24ea3943f8f5256a1e2eadcece0613e065a41d2f4827ae4762f06fd6 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments