MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6b9197244f9b708a7a4527f5996eac5e822cc8f7b2a4a6be716d98969edeeb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 2

SHA256 hash: d6b9197244f9b708a7a4527f5996eac5e822cc8f7b2a4a6be716d98969edeeb6
SHA3-384 hash: 25132eb320a3bb30f57b535eab214309ebd8095a333f2ead76c6eea31b712e91f92e54da2ca64ecb0dee792f439b7fbb
SHA1 hash: f7fd2ef9fde4089965752183f002a7a8c35387fa
MD5 hash: fddd369313107c586b1dc396b9d5a951
humanhash: apart-solar-wolfram-louisiana
File name: Purchase Order Ref AIGNEP190520.tar
Signature: GuLoader
File size: 31'456 bytes
First seen: 2020-05-26 09:10:39 UTC
Last seen: Never
File type: tar
MIME type: application/x-rar
ssdeep: 768:+yImT7yYR5NHQB4NDrH3nea65oCCXcDFDsHOCzGl1r5msxohn5fuFVLI6:+4vyY7NHQsea652wZCzU1lmuolEp
TLSH: E8E2F19FFD3C93ACFA86044291F6B869D42FB057ED146720C644F0D91D29A783AC248D
Reporter: abuse_ch
Tags: GuLoader tar


abuse_ch
Malspam distributing GuLoader:

HELO: mail.latorredecoracion.com
Sending IP: 5.56.62.103
From: Mattia Scalvini <aignep@latorredecoracion.com>
Subject: RE: Purchase Order Ref : AIGNEP190520
Attachment: Purchase Order Ref AIGNEP190520.tar (contains "Purchase Order Ref AIGNEP190520.pdf.pif")

GuLoader payload URL:
http://rilathome.lv/wp-content/monyman_LZzcsT206.bin

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-26 09:37:21 UTC
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
tar d6b9197244f9b708a7a4527f5996eac5e822cc8f7b2a4a6be716d98969edeeb6 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments