MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d557623ca60b42efbaaa8fc6ed3f829df9d0e1e05f33cfa5570b8ae3972a0ab3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d557623ca60b42efbaaa8fc6ed3f829df9d0e1e05f33cfa5570b8ae3972a0ab3
SHA3-384 hash: 9cb856396869833312a90836cc5013084a8e5c1b05b7475197250ba9d8b81286a5c5865e1f798a15f5daa4a8655ebdb0
SHA1 hash: ffbffdd5711d66b84a4214c00e06b11a34e6cc7c
MD5 hash: 0b61129d49ba2212c37b82287c868158
humanhash: tennis-mountain-cup-delaware
File name:AWB 9284730932.rar
Download: download sample
Signature GuLoader
Create hunting rule
File size:22'676 bytes
First seen:2020-11-05 10:23:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 384:AAj3LvKLViODZHAC2VQlewis3JCNT8tLw95YJTjCgyeyO6FSy0RxeSFxxOvPjn:TfCpiOtHAUlBivVCW5YJfCgH6FSy0xef
TLSH 7AA2D0745ADE995E8B41F559786E4B4387149DD2884F30C42F7D322FE178B6283CE8E8
Reporter abuse_ch
Tags:DHL GuLoader rar


Avatar
abuse_ch
Malspam distributing GuLoader:

From: "DHL Express"<eawb@iddhl.com>
Subject: EAWB Notification
Attachment: AWB 9284730932.rar (contains "AWB# 9284730932.exe")

GuLoader payload URL:
https://millenium-rj.com/ozil/floow_HQaIKx54.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d557623ca60b42efbaaa8fc6ed3f829df9d0e1e05f33cfa5570b8ae3972a0ab3/
Threat name:
Win32.Trojan.GuLoader
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 09:46:48 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2vlwepfgbnbo7ovkr7do2p4ctx45bypal4z47jkxbofohfzkbkzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar d557623ca60b42efbaaa8fc6ed3f829df9d0e1e05f33cfa5570b8ae3972a0ab3

(this sample)

GuLoader

Executable exe f1ffd3c13b7bd7f498e8b718d46509a14bf571c5783d4281adcfafe13291e1fd

  
URLhaus
https://urlhaus.abuse.ch/url/750727/
  
Dropping
MD5 042d652ca56b0729238362144375138f
  
Dropping
GuLoader
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f1ffd3c13b7bd7f498e8b718d46509a14bf571c5783d4281adcfafe13291e1fd

Comments