MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcf1f848062d1d00d879c5f87d8e12d7070a50a06030b32450165e0b953a54f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: dcf1f848062d1d00d879c5f87d8e12d7070a50a06030b32450165e0b953a54f9
SHA1 hash: fb6d5e846d9a42bdcef9a5733fea75ef9a10435d
MD5 hash: daf7389934e6df5035fac39e77bbf5a0
File name: Superof5.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-22 10:14:12 UTC
Last seen: 2020-05-22 10:51:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 000f6a65760f10e27f7709cb1960e57e
ssdeep: 768:0rb+2rxkDWVN/S8GS1sicI2v+vsCtjpRHvYTd7h4dxjJkgw1GWrX95X6:EKUxkiz/S8GCc+vsCJpRHEKGgGX/X6
TLSH: 1B930B21F554EC6AC904CAB14A99C4A802EBBC336D951F4B39D63B2C3B73DC6DD62325
Reporter: @abuse_ch
Tags: exe GuLoader


Twitter (@abuse_ch):
Malspam distributing GuLoader:

HELO: mailout02.agenturserver.de
Sending IP: 185.15.192.33
From: DKV EURO SERVICE GmbH + Co. KG <warth@lieferanten-marktplatz.de>
Subject: AW: AW:Payment and Order Confirmation 29-04-20 INVOICE_20-613129926-001
Attachment: Superof5.zip (contains "Superof5.exe")

GuLoader payload URL:
http://156.96.118.179/RDAV.bin

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 23
Origin country: US
ClamAV: SecuriteInfo.com.Variant.Ursu.878098.31453.30321.UNOFFICIAL
VirusTotal results: 28.17%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: GuLoader
Sample: Executable exe dcf1f848062d1d00d879c5f87d8e12d7070a50a06030b32450165e0b953a54f9 (this sample)
