MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d41edd3545b3d7de4d3b9b7d4fa11374a5e03bc8386578c9391fc4f287a26683. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d41edd3545b3d7de4d3b9b7d4fa11374a5e03bc8386578c9391fc4f287a26683
SHA1 hash: 2f0de67d8a65d918f06ece1fe7f5bf143dd5d70a
MD5 hash: 146861f0df8f3e028f58493c93e85845
File name: INVOICE BANK DETAILS.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-22 10:18:56 UTC
Last seen: 2020-05-22 10:52:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 04410cfda331f5249b49896f3bf9687a
ssdeep: 768:yNqT9/fX1wJCgM3yqVmRqG8iYKVIKcwVn2yxGUhOf/jVIKTtKGya:cctX1wJCg2lmMNDKVIKp27/a+8A
TLSH: E7933A6572A0D92AD8304EF19F3386680467FD352A258B0375C57B2F6E3398E5E3136B
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter
@abuse_ch
Malspam distributing GuLoader:

HELO: h3.datagix.com
Sending IP: 82.196.25.97
From: Richard <hanifah.jamri@apis-resources.com>
Subject: INVOICE AND BANK DETAILS
Attachment: INVOICE BANK DETAILS.zip (contains "INVOICE BANK DETAILS.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1qnmY7JT85Lc06ddeKE0mMQCAniY1yL54

Intelligence


Mail intelligence: Trap location Global, Impact Low
# of uploads: 2
# of downloads: 27
Origin country: FR
ClamAV: PUA.Win.Packer.ProtectSharewar-2, PUA.Win.Packer.ProtectSharewar-3
VirusTotal: Virustotal results 20.55%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe d41edd3545b3d7de4d3b9b7d4fa11374a5e03bc8386578c9391fc4f287a26683

(this sample)

  
Delivery method
Distributed via e-mail attachment
